Security Basics mailing list archives

RE: Threat scenarios from local buffer overflow


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 21 Jan 2003 08:30:41 -0800

  An attacker might exploit something like this as a second stage
of an attack -- i.e., use some first vulnerability to let them
"run arbitrary code" on the target machine, and use that arbitrary
code to invoke something like this to elevate their permissions.
(It's not obvious that running *notepad* should raise anyone's
permissions, but if this overflow lets them run code as the 
*owner* of notepad.exe, it might -- and there could be more 
dangerous local executables that *do* raise permissions as
part of normal operations.)

  Also, buffer overflows can, in some cases, drive CPU use to 100%,
making for a dandy DoS attack.

  So while a local buffer overflow is not sufficient for a 
remote compromise, it's still a potential threat to the system.

David Gillett



-----Original Message-----
From: SmartKID [mailto:flawpee () rediffmail com]
Sent: January 11, 2003 09:45
To: security-basics () securityfocus com
Subject: Threat scenarios from local buffer overflow


Hi,

Are there any possible threat scenarios from a buffer overflow in an
executable stored locally? For instance, say something like notepad.exe has
a buffer overflow, which might be exploited by issuing

notepad aaaaaa(3000 times).txt

Would this allow any sort of system compromise or privilege execution?

Thanks
SmartKIDJoe
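
The kind of defect the thread is asking about, shown as an added example that is not code from either poster or from any real program: a file-name argument copied into a fixed buffer without a length check, beside a form that rejects over-long input. The function names and the 260-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DOC_NAME_SIZE 260   /* assumed buffer size, chosen for this example */

/* Vulnerable pattern, shown for contrast and never called here: the
 * argument is copied with no length check, so a name longer than the
 * buffer overwrites adjacent stack memory. */
int open_document_unsafe(const char *arg)
{
    char name[DOC_NAME_SIZE];
    strcpy(name, arg);
    return (int)strlen(name);
}

/* Hardened form: measure the argument against the destination first and
 * refuse anything that does not fit. Returns the length copied, or -1. */
int open_document_checked(const char *arg, char *out, size_t out_size)
{
    size_t len;
    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    for (len = 0; len < out_size && arg[len] != '\0'; len++)
        ;                               /* bounded length scan */
    if (len == out_size)
        return -1;                      /* no room for the terminator */
    memcpy(out, arg, len + 1);
    return (int)len;
}

/* Constructed input: `count` letters 'a' followed by ".txt". */
size_t build_long_name(char *buf, size_t buf_size, size_t count)
{
    if (buf_size < count + 5)
        return 0;
    memset(buf, 'a', count);
    memcpy(buf + count, ".txt", 5);     /* includes the terminating NUL */
    return count + 4;
}

int main(void)
{
    static char arg[4096];
    char name[DOC_NAME_SIZE];
    build_long_name(arg, sizeof arg, 3000);
    printf("3000-char name: %d\n", open_document_checked(arg, name, sizeof name));
    printf("short name:     %d\n", open_document_checked("notes.txt", name, sizeof name));
    return 0;
}
```

Whether a missing check like this matters for privileges depends on the identity the program runs under, which is the distinction the reply above draws.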


