Bugtraq mailing list archives
Protection against buffer overflows: when your anchor is washed away, then you are overflowed and refuse to RET
From: "Exurity Inc." <exurity () rogers com>
Date: Fri, 11 Apr 2003 20:20:04 -0400
Hi, Everyone on this list:

Please find at http://members.rogers.com/exurity/pdf/AntiOverflows.pdf a research paper on an anchoring mechanism to protect against overflow exploitation.

The concept presented is to utilize the address (and/or a system-wide random number) of a structure or memory block to detect whether the memory block above the anchor in memory address has been overflowed. If it detects it has been overflowed, then protective steps such as generating a single-step exception on x86 can be taken.

This article explains in depth the protection mechanisms for the following exploitations of overflowing:

- Against Off-By-One Exploitation Of Overflowed Stack
- Against Exploitation of Heap Overflow and Memory Trampling
- Against Exploitation of Overflowed Structured Exception Handling (SEH) Frame Like Code Red
- Against Brute Force Exploitation of RET in WebDAV Exploit Scheme
- Application of Anti-Overflow Concepts in Daily Programming

Peter Huang
http://members.rogers.com/exurity/
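The anchoring idea described in the message above, as an added C example that is not code from the post or from the linked paper. The struct layout, the function names and the fixed secret are assumptions made for illustration; the anchor is the block's own address XORed with a process-wide number and is checked after a copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Process-wide number mixed into every anchor. Constructed constant so the
   run is repeatable; a real build would draw it from the OS RNG at startup. */
static uintptr_t g_anchor_secret = (uintptr_t)0x5bd1e995u;

/* Hypothetical layout: the anchor sits directly after the buffer, so a
   linear overrun of data[] must cross it before reaching anything else. */
struct anchored_buf {
    char      data[16];
    uintptr_t anchor;
};

/* Expected anchor depends on the block's own address, so a value read
   from one block does not validate a different block. */
static uintptr_t anchor_value(const struct anchored_buf *b) {
    return (uintptr_t)b ^ g_anchor_secret;
}

void anchored_init(struct anchored_buf *b) {
    memset(b->data, 0, sizeof b->data);
    b->anchor = anchor_value(b);
}

/* 1 while the anchor is intact, 0 once it has been overwritten. */
int anchored_ok(const struct anchored_buf *b) {
    return b->anchor == anchor_value(b);
}

/* Stand-in for a buggy copy with no length check on the caller's side.
   Writes through a pointer to the whole struct (n <= sizeof *b), then
   verifies the anchor. Returns -1 when the caller must stop instead of
   continuing to use the block; a hardened build could abort() here. */
int copy_then_check(struct anchored_buf *b, const void *src, size_t n) {
    if (n > sizeof *b)
        return -1;
    memcpy((unsigned char *)b, src, n);
    return anchored_ok(b) ? 0 : -1;
}

int main(void) {
    struct anchored_buf b;
    char src[17];
    memset(src, 'A', sizeof src);
    anchored_init(&b);
    printf("16 bytes: %d\n", copy_then_check(&b, src, 16));
    printf("17 bytes: %d\n", copy_then_check(&b, src, 17)); /* off-by-one */
    return 0;
}
```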