Vulnerability Development mailing list archives
Re: partial analysis of vulndev-1.c
From: "Dana Epp" <dana () vulscan com>
Date: Tue, 13 May 2003 15:29:02 -0700
----- Original Message -----
From: "David R. Piegdon" <fleshyCPU () gmx net>

[...] now the question: can we use this buffer overflow? actually in this case not, because the allocation of the buffer is done with malloc. on linux at least :) malloc does not use the stack but it uses the HEAP.

Just because Linux may allocate the memory on the heap doesn't mean it can't be overflowed. This is a common misconception that bites a lot of us. (Chances are you already know this)

You could muck with it and trick the free into overwriting arbitrary memory locations with exploit data. There is a pretty good paper on this over at: http://www.w00w00.org/files/articles/heaptut.txt.

Although heap overflows are much harder to predict and architect, it is still quite possible. I wouldn't count on the fact Linux uses the heap as a saving grace against an attack like this.

---
Regards,
Dana M. Epp
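
The point made in the reply above, as an added example that is not part of the original post and is not vulndev-1.c: a heap buffer sits next to other heap data, so an unbounded write corrupts its neighbour just as it would on the stack. The two-chunk arena, the `GUARD` value and all function names are constructed for illustration; the model keeps every write inside one allocation so the program is well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (constructed): two chunks in ONE malloc'd arena, header then data. */
#define DATA_SZ 16
#define GUARD   0x5AFEC0DEu
struct chunk {
    uint32_t guard;          /* integrity value, checked before release */
    uint32_t size;           /* bookkeeping a release routine would trust */
    char     data[DATA_SZ];  /* user buffer */
};

static struct chunk *arena_new(void) {
    struct chunk *a = calloc(2, sizeof *a);
    for (int i = 0; a && i < 2; i++) { a[i].guard = GUARD; a[i].size = DATA_SZ; }
    return a;
}

/* Copies n bytes into c->data. bounded=0 trusts n, as strcpy-style code does. */
static int copy_into(struct chunk *c, const char *src, size_t n, int bounded) {
    if (bounded && n > DATA_SZ) return -1;  /* the fix: reject oversize input */
    memcpy((char *)c + offsetof(struct chunk, data), src, n);
    return 0;
}

/* Header sanity check, the kind of test a hardened allocator runs before free. */
static int chunk_ok(const struct chunk *c) {
    struct chunk h;
    memcpy(&h, c, sizeof h);
    return h.guard == GUARD && h.size == DATA_SZ;
}

/* Writes DATA_SZ + 8 bytes at chunk 0; returns 1 if chunk 1's header survived. */
static int neighbour_intact(int bounded) {
    char input[DATA_SZ + 8];
    struct chunk *a = arena_new();
    if (!a) return -1;
    memset(input, 'A', sizeof input);
    copy_into(&a[0], input, sizeof input, bounded);
    int ok = chunk_ok(&a[1]);
    free(a);
    return ok;
}

int main(void) {
    printf("unchecked: %d  bounded: %d\n", neighbour_intact(0), neighbour_intact(1));
}
```

With the unchecked copy the neighbouring header no longer passes its check; with the length test in place the write is refused and the header is untouched.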