Vulnerability Development mailing list archives

Re: buffer overflow - fundamentals

From: visi0n <visi0n () AUX-TECH NET>
Date: Wed, 7 Feb 2001 00:31:59 -0200

        This is a heap overflow, look for traceroute advisory.
===============================================================================
visi0n
AUX Technologies
[www.aux-tech.net]

On Mon, 5 Feb 2001, adeon wrote:

Hello ,

  I've wondered (I'm beginner) on how to make a buffer overflow
  exploit. So, let's say that i've got suid program (compiled) and owned
  by root:

  //----- cut here
  #include <stdio.h>

  char buff[2];

  int main()
  {
        printf("Enter some letters:");
        scanf("%s",buff);
        return 0;
  }
  //---- cut here

  Can anyone explain me how to make an exploit for it? Can anyone give
  some example of exploits?


--
Best regards,
 adeon                          mailto:adeon () dino open net pl

Current thread:

buffer overflow - fundamentals adeon (Feb 06)
- Re: buffer overflow - fundamentals erasor (Feb 06)
- Re: buffer overflow - fundamentals maillist (Feb 06)
- Re: buffer overflow - fundamentals visi0n (Feb 06)
  - Re: buffer overflow - fundamentals honoriak (Feb 07)
    - Re: buffer overflow - fundamentals rpc (Feb 08)
    - Re: buffer overflow - fundamentals Larry W. Cashdollar (Feb 08)
- Re: buffer overflow - fundamentals Rasta C. Shell (Feb 07)
- Re: buffer overflow - fundamentals LV (Feb 07)
- <Possible follow-ups>
- Re: buffer overflow - fundamentals Robert G. Ferrell (Feb 07)
- Re: buffer overflow - fundamentals gregory duchemin (Feb 08)
  - Re: buffer overflow - fundamentals visi0n (Feb 08)
- Re: buffer overflow - fundamentals honoriak (Feb 08)
- Re: buffer overflow - fundamentals jknoxville (Feb 08)