Vulnerability Development mailing list archives

Re: buffer overflow - fundamentals


From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Thu, 8 Feb 2001 15:29:26 -0000

not a heap but a data segment overflow, buff is global.

Gregory.


visi0n wrote:

>         This is a heap overflow, look for traceroute advisory.
>
===============================================================================

it's a buffer overflow. not heap i think; in the source code i can see char
buff[2]; and not malloc() or new *char[2].. if it was c++.
a lot of good texts about buffer overflows and format bugs you can see at:

http://julianor.tripod.com by juliano rizzo from core SDI.

            -honoriak

> visi0n
> AUX Technologies
> [www.aux-tech.net]
>
> On Mon, 5 Feb 2001, adeon wrote:
>
> > Hello ,
> >
> >   I've wondered (I'm beginner) on how to make a buffer overflow
> >   exploit. So, let's say that i've got suid program (compiled) and owned
> >   by root:
> >
> >   //----- cut here
> >   #include <stdio.h>
> >
> >   char buff[2];
> >
> >   int main()
> >   {
> >         printf("Enter some letters:");
> >         scanf("%s",buff);
> >         return 0;
> >   }
> >   //---- cut here
> >
> >   Can anyone explain me how to make an exploit for it? Can anyone give
> >   some example of exploits?
> >
> >
> > --
> > Best regards,
> >  adeon                         mailto:adeon () dino open net pl
> >
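
The storage-class point argued in this thread, plus a bounded form of the quoted read, as an added example that is not code from any of the posters. The guard field and the names read_bounded, guard_intact and mapping_of are assumptions made for illustration; mapping_of relies on Linux's /proc/self/maps.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The post's global buff, wrapped with a constructed guard field so a write
 * past buff[1] would be visible. Globals have static storage (data/bss). */
static struct { char buff[2]; char guard[6]; } g = { "", "GUARD" };

/* Bounded form of scanf("%s", buff): width 1 plus the NUL fits char[2]. */
int read_bounded(FILE *in)
{
    return fscanf(in, "%1s", g.buff) == 1 ? (int)strlen(g.buff) : -1;
}

int guard_intact(void) { return memcmp(g.guard, "GUARD", 6) == 0; }

/* Linux only: name of the /proc/self/maps mapping that contains p
 * ("[heap]", "[stack]", a file path, or "" if anonymous). 1 if found. */
int mapping_of(const void *p, char *out, size_t n)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], name[256];
    unsigned long lo, hi;
    int found = 0;
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f)) {
        name[0] = '\0';
        if (sscanf(line, "%lx-%lx %*s %*s %*s %*s %255[^\n]", &lo, &hi, name) >= 2
            && (uintptr_t)p >= lo && (uintptr_t)p < hi) {
            snprintf(out, n, "%s", name);
            found = 1;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    char where[256], local[2], *dyn = malloc(2);
    if (mapping_of(g.buff, where, sizeof where)) printf("global: %s\n", where);
    if (dyn && mapping_of(dyn, where, sizeof where)) printf("malloc: %s\n", where);
    if (mapping_of(local, where, sizeof where)) printf("local:  %s\n", where);
    free(dyn);
    int n = read_bounded(stdin);   /* extra input stays unread in the stream */
    printf("stored %d byte(s), guard intact: %d\n", n, guard_intact());
    return 0;
}
```

On Linux the global is reported in a mapping of the executable (or an unnamed one following it), never in the one labelled [heap] or [stack].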
