Vulnerability Development mailing list archives
Re: buffer overflow - fundamentals
From: honoriak <EGC () ARGEN NET>
Date: Wed, 7 Feb 2001 20:35:22 +0100
visi0n wrote:
This is a heap overflow, look for traceroute advisory. ===============================================================================
it's a buffer overflow. not heap i think; in the source code i can see char buff[2]; and not malloc() or new *char[2].. if it was c++. a lot of good texts about buffer overflows and format bugs you can see at: http://julianor.tripod.com by juliano rizzo from core SDI. -honoriak
visi0n AUX Technologies [www.aux-tech.net] On Mon, 5 Feb 2001, adeon wrote:Hello , I've wondered (I'm beginner) on how to make a buffer overflow exploit. So, let's say that i've got suid program (compiled) and owned by root: //----- cut here #include <stdio.h> char buff[2]; int main() { printf("Enter some letters:"); scanf("%s",buff); return 0; } //---- cut here Can anyone explain me how to make an exploit for it? Can anyone give some example of exploits? -- Best regards, adeon mailto:adeon () dino open net pl
Current thread:
- buffer overflow - fundamentals adeon (Feb 06)
- Re: buffer overflow - fundamentals erasor (Feb 06)
- Re: buffer overflow - fundamentals maillist (Feb 06)
- Re: buffer overflow - fundamentals visi0n (Feb 06)
- Re: buffer overflow - fundamentals honoriak (Feb 07)
- Re: buffer overflow - fundamentals rpc (Feb 08)
- Re: buffer overflow - fundamentals Larry W. Cashdollar (Feb 08)
- Re: buffer overflow - fundamentals honoriak (Feb 07)
- Re: buffer overflow - fundamentals Rasta C. Shell (Feb 07)
- Re: buffer overflow - fundamentals LV (Feb 07)
- <Possible follow-ups>
- Re: buffer overflow - fundamentals Robert G. Ferrell (Feb 07)
- Re: buffer overflow - fundamentals gregory duchemin (Feb 08)
- Re: buffer overflow - fundamentals visi0n (Feb 08)
- Re: buffer overflow - fundamentals honoriak (Feb 08)
- Re: buffer overflow - fundamentals jknoxville (Feb 08)