Re: buffer overflow question

[Minchu Mo <morris_minchu () iwon com>]

In-Reply-To: <3C0DD8F0.1070208 () marshal-soft com>

Forgive me for asking:
what 's concept of the signals and ESOTERIC 
exploit, I don't have much clue when reading  from  
http://community.corest.com/~gera/InsecureProgram
ming/


> Received: (qmail 16357 invoked from network); 5 
Dec 2001 17:01:21 -0000
> Received: from outgoing3.securityfocus.com 
(HELO outgoing.securityfocus.com) (66.38.151.27)
>  by mail.securityfocus.com with SMTP; 5 Dec 2001 
17:01:21 -0000
> Received: from lists.securityfocus.com 
(lists.securityfocus.com [66.38.151.19])
>       by outgoing.securityfocus.com (Postfix) 
with QMQP
>       id 57D41A3105; Wed,  5 Dec 2001 
09:32:18 -0700 (MST)
> Mailing-List: contact vuln-dev-
help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <vuln-dev.list-id.securityfocus.com>
> List-Post: <mailto:vuln-dev () securityfocus com>
> List-Help: <mailto:vuln-dev-
help () securityfocus com>
> List-Unsubscribe: <mailto:vuln-dev-
unsubscribe () securityfocus com>
> List-Subscribe: <mailto:vuln-dev-
subscribe () securityfocus com>
> Delivered-To: mailing list vuln-
dev () securityfocus com
> Delivered-To: moderator for vuln-
dev () securityfocus com
> Received: (qmail 3859 invoked from network); 5 
Dec 2001 08:20:04 -0000
> Message-ID: <3C0DD8F0.1070208@marshal-
soft.com>
> Date: Wed, 05 Dec 2001 09:21:04 +0100
> From: Marshal <marshal () marshal-soft com>
> User-Agent: Mozilla/5.0 (Windows; U; Win98; en-
US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
> X-Accept-Language: en-us
> MIME-Version: 1.0
> To: =?ISO-8859-1?Q?Iv=E1n?= Arce 
<core.lists.exploit-dev () core-sdi com>,
>       vuln-dev () security-focus com
> Subject: Re: buffer overflow question
> References: 
<20011204225753.24101.qmail () mail com> 
<043901c17d29$04aef2f0$2e58a8c0@ffornicario>
> Content-Type: text/plain; charset=ISO-8859-1; 
format=flowed
> Content-Transfer-Encoding: 8bit
>
> As long as i remember the format strings example 
files on that page 
> aren't real format string vuln. but just ordinary buffer 
overflows.
> Iván Arce wrote:
>
> > Hi generic
> >
> > if you are teaching yourself buffer overflowing i 
highly
> > recommend that you go to
> > http://community.corest.com/~gera/InsecureProgra
mming/
> > go though all the sample program and code an 
exploit
> > for each one. its the best hand-ons learning i can 
think of,
> > besides 'gera' is a coworker and a really cool 
guy :0
> > -i
> >
> > ----- Original Message -----
> > From: *jnf <core.lists.exploit-dev () core-sdi com>
> > Newsgroups: core.lists.exploit-dev
> > To: <vuln-dev () securityfocus com>
> > <security-basics () security-focus com>
> > Sent: Tuesday, December 04, 2001 7:57 PM
> > Subject: buffer overflow question
> >
> >
> > > Hello, I have a request about buffer overflows,
> > > I am teaching myself about them, more
> > > specifically how to reconize, code the exploit
> > > and fix the hole, what I would like to know is
> > > if anyone knows any local exploits for the
> > > linux os (x86) that would follow what one could
> > > consider to be a 'text-book- scenario of one,
> > > and if so could they foward me that
> > > information, it would be greatly appreciated
> > > thank you
> > >
> > >
> > >
> > > generic
> > >
> > > --
> > >
> > > ________________________________________
_______
> > > Sign-up for your own FREE Personalized E-mail 
at Mail.com
> > > http://www.mail.com/?sr=signup
> > >
> > >
> > > 1 cent a minute calls anywhere in the U.S.!
> > http://www.getpennytalk.com/cgi-
bin/adforward.cgi?p_key=RG9853KJ&url=http://
> > www.getpennytalk.com
> >
> > >
> >
> >
> > --- for a personal reply use: =?iso-8859-1?Q?
Iv=E1n_Arce?= <ivan.arce () corest com>
> >