Vulnerability Development mailing list archives

Re: Blind Remote Buffer Overflow

From: mpotter () ATPCO COM (Matthew R. Potter)
Date: Sat, 29 Apr 2000 00:54:56 -0400

I'm not much of a security guru, but I really dont see how much of what

you've

put into this concept of "blind exploiting" is possible. In order to exploit
something, you need to know the vulnerability. The vulnerability has many
dependencies:

- Machine Architecture

<snip>

<snip>

While we are on the topic I have some questions:

How does one tell the diffrence in architechture remotely, when the OS runs
on multiple architechtures? Other than just taking a stab at it untill it
works. Assuming you arent on the same physical network segment and can run
ARP and see the MAC adress of the target. How does one tell the diffrence
between x86 or SPARC, etc. Byte ordering? If thats at all possible to get
the machine to disclose that across a network. I wonder if it would be
possible to tell the diffrence of 4 NetBSD or OpenBSD machines with all
diffrent architechtures. Then again is it even worth it.

Matt.

Current thread:

Re: No-Exec Stack Smashing 101, (continued)
- - - Re: No-Exec Stack Smashing 101 Granquist, Lamont (Apr 26)
    - long file names in explorer.exe kj (Apr 26)
    - Re: long file names in explorer.exe Rory Savage (Apr 28)
    - Re: long file names in explorer.exe kj (Apr 28)
    - Lotus notes + windows98 overflow Alistair Orchard (Apr 27)
    - Blind Remote Buffer Overflow Granquist, Lamont (Apr 27)
    - Eudora Pro Buffer Overflow testing in progress - help needed. Zoa_Chien (Apr 28)
    - Re: Eudora Pro Buffer Overflow testing in progress - help needed. Blue Boar (Apr 28)
    - Re: Blind Remote Buffer Overflow Marc (Apr 28)
    - Re: Blind Remote Buffer Overflow Ralph The Wonder Llama (Apr 28)
    - Re: Blind Remote Buffer Overflow Matthew R. Potter (Apr 28)
    - Re: Blind Remote Buffer Overflow Sebastian (Apr 29)
    - Re: Blind Remote Buffer Overflow Mark L. Jackson (Apr 29)
    - Re: Blind Remote Buffer Overflow Arturo Busleiman (Apr 30)
    - Re: Blind Remote Buffer Overflow Arturo Busleiman (Apr 30)
    - Replacing Kernel Functions via a LKM Granquist, Lamont (Apr 27)
    - Re: Replacing Kernel Functions via a LKM Dragos Ruiu (Apr 27)
    - Re: Replacing Kernel Functions via a LKM Dragos Ruiu (Apr 28)
    - Re: Replacing Kernel Functions via a LKM Prateek Jetly (Apr 27)
    - Re: No-Exec Stack Smashing 101 Michael H. Warfield (Apr 26)
    - Re: No-Exec Stack Smashing 101 Crispin Cowan (Apr 26)

(Thread continues...)