Vulnerability Development mailing list archives
Re: partial analysis of vulndev-1.c
From: <andrewg () d2 net au>
Date: Wed, 14 May 2003 13:41:37 +1000 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 actually, during debugging i used a modified version with #define SIZE 10. this one did not produce a SIGSEGV. when realising that others were able to produce one (Nexus for example), i checked the unmodified. it produces a SIGSEGV. does someone know, why the modified does not produce one?
Without looking and finding the original mail, it sounds like an off by one malloc overflow. So to exploit that, iirc, its padding[fake fwd][fake bck]padding[amount to reach the fake chunk backwards. So it would be something like \xf8 or whatever you decide to use. Hope this helps, Andrew Griffiths
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+wX0jWCFHEwXrEHMRAgx0AJ9o2sXADTflZWLOkDwyUn+FueY3EgCdF5Ck RnHpQsRiuedObaBlLM50xU0=MI0H -----END PGP SIGNATURE-----
Current thread:
- Re: Administrivia: List Announcement, (continued)
- Re: Administrivia: List Announcement Wojciech Purczynski (May 14)
- Re: Administrivia: List Announcement Luciano Miguel Ferreira Rocha (May 14)
- vulndev-1.c challenge (was Re: Administrivia: List Announcement) Bennett Todd (May 13)
- Re: Administrivia: List Announcement Bernie Cosell (May 13)
- Re: Administrivia: List Announcement Valdis . Kletnieks (May 15)
- partial analysis of vulndev-1.c David R. Piegdon (May 13)
- Re: partial analysis of vulndev-1.c Dana Epp (May 13)
- Re: partial analysis of vulndev-1.c master of chaos - lord of mean (May 13)
- RE: partial analysis of vulndev-1.c David Schwartz (May 13)
- Re: partial analysis of vulndev-1.c Nexus (May 14)
- Re: partial analysis of vulndev-1.c andrewg (May 13)
- Re: Administrivia: List Announcement Mr. Rufus Faloofus (May 13)
- RE: Administrivia: List Announcement Cameron Brown (May 13)
- RE: Administrivia: List Announcement Shafik Yaghmour (May 13)
- RE: Administrivia: List Announcement Cameron Brown (May 13)
- RE: Administrivia: List Announcement andrewg (May 13)
- RE: Administrivia: List Announcement Shafik Yaghmour (May 13)
- Re: vulndev1.c solution (warning SPOILER) Jose Ronnick (May 13)
- RE: vulndev1.c solution (warning SPOILER) Cameron Brown (May 14)
- Re: vulndev1.c solution (warning SPOILER) Jon Erickson (May 14)
- RE: vulndev1.c solution (warning SPOILER) Cameron Brown (May 15)
- Re: vulndev1.c solution (warning SPOILER) Kenji Cronos (May 15)