Vulnerability Development mailing list archives
Re: Buffer overflow in Dovecot or OpenSSL?
From: Timo Sirainen <tss () iki fi>
Date: 09 Apr 2003 17:50:11 +0300
On Wed, 2003-04-09 at 15:38, 3APA3A wrote:
Dear Timo Sirainen, You're right, the fact EIP points inside the stack should indicate large problems. But the string at EIP doesn't look to be shellcode or it's part.
Shellcode could have been before or after it, because of stack base randomization.
How many entries do you have in the log?
Just one, which I think means that either the attacker tried not to look suspicious, or just that it was some random bug that triggered the first time.
Do you have stackdump?
No, PAX killed it with SIGKILL so I couldn't debug it at all. I'm anyway pretty sure that this wasn't caused at least directly by my code. There's very few buffers in stack, and they're all written to with bounds checking so even corrupted heap shouldn't cause this.
Current thread:
- Buffer overflow in Dovecot or OpenSSL? Timo Sirainen (Apr 08)
- Re: Buffer overflow in Dovecot or OpenSSL? Admin (Apr 09)
- Re: Buffer overflow in Dovecot or OpenSSL? Timo Sirainen (Apr 09)
- Re: Buffer overflow in Dovecot or OpenSSL? 3APA3A (Apr 09)
- Re: Buffer overflow in Dovecot or OpenSSL? Timo Sirainen (Apr 09)
- POC Heap based buffer overflow Aaron C. Newman (Application Security, Inc.) (Apr 11)
- Re: POC Heap based buffer overflow Roland Postle (Apr 12)
- Re: Buffer overflow in Dovecot or OpenSSL? Admin (Apr 09)