Vulnerability Development mailing list archives
Re: controlling ebp/eip of a frame, does it always lead to possible code execution?
From: Ingram <Vail () gmx net>
Date: Thu, 18 Sep 2003 19:44:42 +0200 (MEST)
deepcode . wrote:
By the looks of it, you are doing everything right. Your overwritten return
address points directly to your nop's. The shellcode should be executed. What OS are you on, you may have aditional stack protections on the system to prevent standard overflows, particularly redhat 9 (shrike), which i'm using now, will prevent this: not sure exactly how yet ...
*doh*, sorry forgot to mention the os, i am running freebsd 4.8 without any stack protections. -- +++ GMX - die erste Adresse für Mail, Message, More! +++ Getestet von Stiftung Warentest: GMX FreeMail (GUT), GMX ProMail (GUT) (Heft 9/03 - 23 e-mail-Tarife: 6 gut, 12 befriedigend, 5 ausreichend) Jetzt selbst kostenlos testen: http://www.gmx.net
Current thread:
- controlling ebp/eip of a frame, does it always lead to possible code execution? Ingram (Sep 18)
- Re: controlling ebp/eip of a frame, does it always lead to possible code execution? Steven Hill (Sep 19)
- <Possible follow-ups>
- Re: controlling ebp/eip of a frame, does it always lead to possible code execution? Ingram (Sep 18)
- Re: controlling ebp/eip of a frame, does it always lead to possible code execution? deepcode . (Sep 18)
- RE: controlling ebp/eip of a frame, does it always lead to possible code execution? Fisch, Matthew (Sep 22)