CERT Advisory CA-2001-16

Chris Janicki Janicki at ia-inc.com
Wed Jul 4 10:19:38 EDT 2001


Robert & Derek,

Excellent answers!  Thanks guys.

I wonder if this is a good argument for implementing network services in 
Java?

Chris

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/3/01, 11:20:12 PM, Derek Martin <ddm at pizzashack.org> wrote regarding 
Re: CERT Advisory CA-2001-16:


> On Wed, Jul 04, 2001 at 01:11:20AM +0000, Chris Janicki wrote:

> > Rookie question:  How is it possible for a buffer overflow to allow
> > access?  Does the overflow automatically provide a shell?  Or does it put
> > the process in some debugging mode with remote privileges?

> The short, oversimplified answer is that a buffer overflow allows an
> attacker to overwrite the return address of a function with a value
> that they have inserted into the buffer, which if done carefully will
> cause the code they've inserted into that buffer to be executed.

> For the long answer and a much more detailed explanation of how it
> works, see the wonderful paper by Aleph One called "Smashing The Stack
> For Fun And Profit" which can be found everywhere via web search, or
> for the exceptionally lazy (like myself) here:

>   http://immunix.org/StackGuard/profit.html

> Another good reference is this one:

>   http://members.tripod.com/mixtersecurity/exploit.txt

> And if you really need details, try this one:

>   http://destroy.net/~nate/machines/security/nate-buffer.ps

> You will probably need at least a basic understanding of assembly
> language and C to follow these.

> --
> ---------------------------------------------------
> Derek Martin          |   Unix/Linux geek
> ddm at pizzashack.org    |   GnuPG Key ID: 0x81CFE75D
> Retrieve my public key at http://pgp.mit.edu

> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
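
The overwrite described in the quoted reply, next to the bounds check that a runtime such as Java's performs on every array write, as an added example that is not part of the original thread. The struct is a constructed model of a stack frame (its layout, `LEGIT_RET` and all function names are assumptions), so the unchecked copy stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE  16
#define LEGIT_RET ((uintptr_t)0x08048abcu)   /* constructed sample address */

/* Constructed model of one stack frame: a local buffer with the saved
 * return address directly above it, as on a downward-growing stack. */
struct frame {
    char      buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* The strcpy()/gets() pattern: the copy length comes from the sender.
 * Clamped to the model's size so the demo never writes outside the struct. */
static void copy_unchecked(struct frame *f, const void *in, size_t n)
{
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, in, n);       /* runs past buf into saved_ret */
}

/* Hardened form: input that does not fit the buffer is rejected. */
static int copy_checked(struct frame *f, const void *in, size_t n)
{
    if (n > sizeof f->buf) return -1;
    memcpy(f->buf, in, n);
    return 0;
}

/* Returns 1 if the modelled return address was changed by the copy. */
int ret_clobbered_unchecked(const void *in, size_t n)
{
    struct frame f = { {0}, LEGIT_RET };
    copy_unchecked(&f, in, n);
    return f.saved_ret != LEGIT_RET;
}

int ret_clobbered_checked(const void *in, size_t n, int *rejected)
{
    struct frame f = { {0}, LEGIT_RET };
    *rejected = (copy_checked(&f, in, n) != 0);
    return f.saved_ret != LEGIT_RET;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    int rejected;
    memset(in, 'A', sizeof in);              /* constructed oversized input */
    printf("unchecked: clobbered=%d\n", ret_clobbered_unchecked(in, sizeof in));
    printf("checked:   clobbered=%d ", ret_clobbered_checked(in, sizeof in, &rejected));
    printf("rejected=%d\n", rejected);
    return 0;
}
```
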