Security Basics mailing list archives
Re: Integer & Heap overflows?
From: Ron <iago () valhallalegends com>
Date: Thu, 16 Dec 2004 15:53:43 -0600
The book "Hacking: Art of Exploitation" (ISBN: 1593270070) goes into heap overflows, including an example of how to create a root account using a simple one. He also describes shellcode, stack overflows, and format string vulnerabilities, among many other things. Definately a very good read, highly recommended.
There is a paper on www.phrack.org (one of the last couple issues) that describes Integer overflows in excrutiating details.
Off-by-one, I'm not sure where you can find any information, but all that means is that a program is reading past the end of a list because they start at 1 instead of 0 or vice versa. I don't know much about exploiting it, though, sorry I can't help you there.
If you want a quick definition of Heap overflows, all it means is that you read or write past the end of allocated memory into another piece of allocated memory, belonging to a different variable. That's all it is.
Loptr Chaote wrote:
Hello! I was wondering if anyone have good papers/websites lying around describing how Integer overflows and Heap overflows (and also the "off-by-one"[?] bug, if that is not the same as integer overflow). I have found several good ones on stack smashing/regular buffer overflows, but very little on the above mentioned. Best regards Loptr Chaote
Current thread:
- Integer & Heap overflows? Loptr Chaote (Dec 16)
- Re: Integer & Heap overflows? Ron (Dec 16)
- Re: Integer & Heap overflows? jnf (Dec 17)
- Re: Integer & Heap overflows? jnf (Dec 16)
- Re: Integer & Heap overflows? Konstantin Rozinov (Dec 17)
- Re: Integer & Heap overflows? Ron (Dec 16)