Vulnerability Development mailing list archives

Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack

From: "- OUAH -" <ouah_ () hotmail com>
Date: Fri, 17 May 2002 21:13:30 +0800

If you can control another buffer which is executable (maybe in bss or heapin tru64?) you can jump into. Even if there are NULL bytes in 64 btyesadress, DEC alpha is Little Endian so it is possible in many cases (likewith Linux Alpha) to overwrite the retaddr with ONE address (but only one,it's the reason RET-into-libc arent possibles).

I know there some shellcodes for digital unix. The shellode is encoded andthen decoded to contains any NULL bytes.



OUAH

http://ouah.sysdoor.net

_________________________________________________________________

Discutez en ligne avec vos amis, essayez MSN Messenger :http://messenger.msn.com

Current thread:

Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack helmut schmidt (May 16)
- Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack Valdis . Kletnieks (May 16)
  - Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack KF (May 16)
  - Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack K2 (May 16)
- <Possible follow-ups>
- RE: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack Sam Pointer (May 16)
- Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack dev-null (May 16)
- Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack Muhammad Faisal Rauf Danka (May 17)
- Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack - OUAH - (May 17)