Vulnerability Development mailing list archives
Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack
From: "- OUAH -" <ouah_ () hotmail com>
Date: Fri, 17 May 2002 21:13:30 +0800
If you can control another buffer which is executable (maybe in bss or heap in Tru64?) you can jump into it. Even if there are NULL bytes in 64 bytes address, DEC Alpha is little endian so it is possible in many cases (like with Linux Alpha) to overwrite the retaddr with ONE address (but only one, it's the reason RET-into-libc isn't possible).
I know there are some shellcodes for Digital Unix. The shellcode is encoded and then decoded to contain any NULL bytes.
OUAH http://ouah.sysdoor.net