Vulnerability Development mailing list archives
Re: buffer overflow - fundamentals
From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Thu, 8 Feb 2001 15:29:26 -0000
not a heap but a data segment overflow, buff is global. Gregory.
visi0n wrote: > This is a heap overflow, look for traceroute advisory. > =============================================================================== it's a buffer overflow. not heap i think; in the source code i can see char buff[2]; and not malloc() or new *char[2].. if it was c++. a lot of good texts about buffer overflows and format bugs you can see at: http://julianor.tripod.com by juliano rizzo from core SDI. -honoriak > visi0n > AUX Technologies > [www.aux-tech.net] > > On Mon, 5 Feb 2001, adeon wrote: > > > Hello , > > > > I've wondered (I'm beginner) on how to make a buffer overflow > > exploit. So, let's say that i've got suid program (compiled) and owned > > by root: > > > > //----- cut here > > #include <stdio.h> > > > > char buff[2]; > > > > int main() > > { > > printf("Enter some letters:"); > > scanf("%s",buff); > > return 0; > > } > > //---- cut here > > > > Can anyone explain me how to make an exploit for it? Can anyone give > > some example of exploits? > > > > > > -- > > Best regards, > > adeon mailto:adeon () dino open net pl > >
_________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Current thread:
- buffer overflow - fundamentals adeon (Feb 06)
- Re: buffer overflow - fundamentals erasor (Feb 06)
- Re: buffer overflow - fundamentals maillist (Feb 06)
- Re: buffer overflow - fundamentals visi0n (Feb 06)
- Re: buffer overflow - fundamentals honoriak (Feb 07)
- Re: buffer overflow - fundamentals rpc (Feb 08)
- Re: buffer overflow - fundamentals Larry W. Cashdollar (Feb 08)
- Re: buffer overflow - fundamentals honoriak (Feb 07)
- Re: buffer overflow - fundamentals Rasta C. Shell (Feb 07)
- Re: buffer overflow - fundamentals LV (Feb 07)
- <Possible follow-ups>
- Re: buffer overflow - fundamentals Robert G. Ferrell (Feb 07)
- Re: buffer overflow - fundamentals gregory duchemin (Feb 08)
- Re: buffer overflow - fundamentals visi0n (Feb 08)
- Re: buffer overflow - fundamentals honoriak (Feb 08)
- Re: buffer overflow - fundamentals jknoxville (Feb 08)