CERT Advisory CA-2001-16
Chris Janicki
Janicki at ia-inc.com
Wed Jul 4 10:19:38 EDT 2001
Robert & Derek,
Excellent answers! Thanks guys.
I wonder if this is a good argument for implementing network services in
Java?
Chris
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 7/3/01, 11:20:12 PM, Derek Martin <ddm at pizzashack.org> wrote regarding
Re: CERT Advisory CA-2001-16:
> On Wed, Jul 04, 2001 at 01:11:20AM +0000, Chris Janicki wrote:
> > Rookie question: How is it possible for a buffer overflow to allow
> > access? Does the overflow automatically provide a shell? Or does it put
> > the process in some debugging mode with remote privileges?
> The short, oversimplified answer is that a buffer overflow allows an
> attacker to overwrite the return address of a function with a value
> that they have inserted into the buffer, which if done carefully will
> cause the code they've inserted into that buffer to be executed.
> For the long answer and a much more detailed explanation of how it
> works, see the wonderful paper by Aleph One called "Smashing The Stack
> For Fun And Profit" which can be found everywhere via web search, or
> for the exceptionally lazy (like myself) here:
> http://immunix.org/StackGuard/profit.html
> Another good reference is this one:
> http://members.tripod.com/mixtersecurity/exploit.txt
> And if you really need details, try this one:
> http://destroy.net/~nate/machines/security/nate-buffer.ps
> You will probably need at least a basic understanding of assembly
> language and C to follow these.
> --
> ---------------------------------------------------
> Derek Martin | Unix/Linux geek
> ddm at pizzashack.org | GnuPG Key ID: 0x81CFE75D
> Retrieve my public key at http://pgp.mit.edu
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
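
The overwrite described in Derek's reply, as an added illustration that is not part of the original thread: a constructed C model in which a struct stands in for a stack frame (real layouts depend on compiler and ABI), with an unchecked copy beside a bounds-checked one. The names `frame`, `unchecked_copy`, `checked_copy` and the value `LEGIT_RET` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: a local buffer with the saved
 * return address sitting directly after it in memory. */
struct frame {
    char      buf[16];
    uintptr_t saved_ret;
};

#define LEGIT_RET ((uintptr_t)0x1000)   /* constructed placeholder value */

/* Models strcpy()/gets(): copies until the input ends and never consults
 * sizeof buf. Writes go through a byte pointer to the whole struct so the
 * demonstration itself stays well defined. Returns 1 if saved_ret changed. */
int unchecked_copy(struct frame *f, const unsigned char *in, size_t n)
{
    unsigned char *p = (unsigned char *)f;
    f->saved_ret = LEGIT_RET;
    for (size_t i = 0; i < n && i < sizeof *f; i++)
        p[i] = in[i];
    return f->saved_ret != LEGIT_RET;
}

/* Hardened form: input that does not fit is rejected before any write.
 * Returns -1 on rejection, otherwise 0 (saved_ret is left intact). */
int checked_copy(struct frame *f, const unsigned char *in, size_t n)
{
    f->saved_ret = LEGIT_RET;
    if (n >= sizeof f->buf)
        return -1;
    memcpy(f->buf, in, n);
    f->buf[n] = '\0';
    return f->saved_ret != LEGIT_RET;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    struct frame f;
    memset(in, 'A', sizeof in);          /* constructed oversized input */
    printf("unchecked,  8 bytes: changed=%d\n", unchecked_copy(&f, in, 8));
    printf("unchecked, all bytes: changed=%d\n", unchecked_copy(&f, in, sizeof in));
    printf("checked,   all bytes: result=%d\n", checked_copy(&f, in, sizeof in));
    return 0;
}
```

The length check in `checked_copy` is what a bounds-checked runtime applies to every array write, which is the property behind the Java question at the top of the message.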