Vulnerability Development mailing list archives

Re: Blind Remote Buffer Overflow


From: 11a () GMX NET (Bluefish)
Date: Tue, 2 May 2000 12:15:39 +0200


I was thinking of a forking daemon, where a non-working overflow only
coredumps one session (like e.g. apache httpd). Assuming that the overflow
was found by trying different overflow sizes, it seems safe to say that
it's such a daemon.

Then there's no need to make a single overflow do everything. The cons
with it are that it would be huge, very hard to code, and wouldn't fit in
most small buffers. Except for that, it sounds fun to write code which
executes on more than one architecture ;)

Ahh.. now this could be really cool, if only as an exercise.  Is anyone
aware of a set of bytes that will execute on two or more processor
architectures, and branch accordingly without bombing?  We'd also need
something that could operate as a NOP for multiple architectures, too.
Who knows their x86 and Sparc opcodes really well?

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

