Bugtraq mailing list archives
Re: Future of buffer overflows ?
From: "Granquist, Lamont" <lamont () ICOPYRIGHT COM>
Date: Mon, 30 Oct 2000 10:27:44 -0800
On Mon, 30 Oct 2000, Thomas Dullien wrote:
> Does this mean buffer overflows and format string vulnerabilities are dead?
Nope. You can take shellcode and put it on the stack or wherever and then copy it to an executable page (GOT, heap) with memcpy(), strcpy(), etc. and then return into that shellcode and get a shell. It isn't very difficult. There was a thread on VULN-DEV that I participated in which explained how to write non-exec exploits. Tim Newsham also wrote a really nice non-exec exploit of lpset for sol7 x86 on BUGTRAQ back on May 6th which chains together multiple libc calls -- if you're interested, I'd suggest digging that exploit up. For every exploitable buffer overflow on x86, there is going to be a corresponding exploit that doesn't execute code on the stack, and it isn't that hard to write once you understand the basics.