Vulnerability Development mailing list archives

RE: Buffer UNDERFLOWS: What do you know about it?


From: OUAH <supermouette () bluewin ch>
Date: Mon, 12 Jan 2004 03:30:34 +0100

hi,

I've been thinking about it for a few days, Googling, looking for
papers, articles or whatever over the internet, but there is scant
material about it. So I decided to ask what you guys know about it?

There was a famous bug in Apache in the beginning-middle of 2002 (known
as the Apache chunked vuln) discovered by ISS and successfully exploited
by GOBBLES. If it was strictly speaking a classical heap overflow
("overrun"), the way GOBBLES exploited it on OpenBSD systems is like a
buffer "underrun". (With the heap overflow, they could control the last
argument of a memcpy() call. And by rendering this argument negative on
OpenBSD, memcpy() copies in the backward direction.)

my 2 cents about buffer underruns..

--------
OUAH
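
The point above about a negative last argument to memcpy(), shown from the defender's side as an added example that is not part of the original post and not Apache's code. The function names (weak_len_ok, as_memcpy_len, checked_copy) are hypothetical; the block shows why a signed upper-bound check lets a negative length through and how a copy wrapper rejects it before the conversion to size_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak pattern (hypothetical): only the upper bound is tested, with a
 * signed comparison, so any negative length is accepted. */
int weak_len_ok(long len, size_t cap)
{
    return len <= (long)cap;
}

/* The value memcpy() actually sees: its third parameter is size_t, so a
 * negative signed length is converted to a very large unsigned count. */
size_t as_memcpy_len(long len)
{
    return (size_t)len;
}

/* Hardened wrapper (hypothetical): reject negative lengths first, then
 * compare as unsigned against the destination capacity. */
int checked_copy(void *dst, size_t cap, const void *src, long len)
{
    if (len < 0)
        return -1;              /* would become a huge size_t */
    if ((size_t)len > cap)
        return -1;              /* would overrun dst */
    memcpy(dst, src, (size_t)len);
    return 0;
}

int main(void)
{
    char dst[16];
    long samples[] = { 4, 17, -1 };   /* constructed test lengths */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long len = samples[i];
        printf("len=%ld weak_check=%d memcpy_len=%zu checked_copy=%d\n",
               len, weak_len_ok(len, sizeof dst), as_memcpy_len(len),
               checked_copy(dst, sizeof dst, "abcd", len));
    }
    return 0;
}
```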


