Vulnerability Development mailing list archives

Re: Blind Remote Buffer Overflow

From: vision () WHITEHATS COM (Max Vision)
Date: Tue, 2 May 2000 00:01:05 -0700


On Mon, 1 May 2000, Blue Boar wrote:

In many cases, you will have more than one shot at trying your
buffer overflow.  One possibility is just trying them all.  If the
service doesn't auto-restart, then try each arch a week apart, so the
admin doesn't get suspicious.


The issue of admin suspicion should never come into this - anyone who
values their freedom will conduct their vulnerability research on their
local machines, or with explicit authorization from the remote admin.  The
vuln-dev phase is definitely not the right time to play seaky/clever games
over a network, regardless of one's intention.

Max

Current thread:

Re: ethernet cards & promisc mode, (continued)
- - - Re: ethernet cards & promisc mode David LaPorte (May 04)
    - Re: ethernet cards & promisc mode Granquist, Lamont (May 05)
    - Re: ethernet cards & promisc mode Bluefish (May 07)
    - "I don't think I really love you" Michal Zalewski (May 07)
    - Re: ethernet cards & promisc mode Granquist, Lamont (May 07)
    - Possible new strain of [CENSORED] Blue Boar (May 05)
    - Re: ethernet cards & promisc mode Dragos Ruiu (May 04)
    - Opportunist? Blue Boar (May 04)
    - Re: Opportunist? Andreas Ferber (May 05)
    - Reminder: MaxClientRequestBuffer Marc (May 03)
    - Re: Blind Remote Buffer Overflow Max Vision (May 02)
    - Re: Blind Remote Buffer Overflow Blue Boar (May 02)
    - Re: Blind Remote Buffer Overflow Bluefish (May 03)
    - Re: Blind Remote Buffer Overflow Bluefish (May 02)