Vulnerability Development mailing list archives

Re: buffer overflow - fundamentals


From: rpc <h () ckz org>
Date: Thu, 8 Feb 2001 00:42:55 UTC

visi0n is correct. This is a heap overflow because the variable is global, thus
stored in the .bss section. This was probably not what the original author
intended.

--rpc

On Wed, 7 Feb 2001 20:35:22 +0100, honoriak said:

visi0n wrote:

 >         This is a heap overflow, look for traceroute advisory.
 > ===============================================================================

 It's a buffer overflow, not heap I think; in the source code I can see char
 buff[2]; and not malloc() or new *char[2].. if it was C++.
 A lot of good texts about buffer overflows and format bugs you can see at:

 http://julianor.tripod.com by juliano rizzo from core SDI.

             -honoriak

 > visi0n
 > AUX Technologies
 > [www.aux-tech.net]
 >
 > On Mon, 5 Feb 2001, adeon wrote:
 >
 > > Hello,
 > >
 > >   I've wondered (I'm a beginner) on how to make a buffer overflow
 > >   exploit. So, let's say that I've got a suid program (compiled) and owned
 > >   by root:
 > >
 > >   //----- cut here
 > >   #include <stdio.h>
 > >
 > >   char buff[2];
 > >
 > >   int main()
 > >   {
 > >         printf("Enter some letters:");
 > >         scanf("%s",buff);
 > >         return 0;
 > >   }
 > >   //---- cut here
 > >
 > >   Can anyone explain to me how to make an exploit for it? Can anyone give
 > >   some examples of exploits?
 > >
 > >
 > > --
 > > Best regards,
 > >  adeon                         mailto:adeon () dino open net pl
 > >
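
An added example, not part of the thread and not any poster's code: the program quoted above with its unbounded scanf("%s") replaced by a read that can never write past the global buffer. The helper name read_token and the BUFF_SIZE of 16 are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define BUFF_SIZE 16            /* assumed size; the posted program used 2 */

static char buff[BUFF_SIZE];    /* global, static storage, as in the post */

/* Hypothetical helper: read one whitespace-delimited token from `in` into
 * dst (capacity cap, including the terminating NUL). Returns the number of
 * bytes stored, or -1 on EOF/error before any token. Sets *truncated when
 * the token was longer than cap - 1; the excess is consumed and dropped. */
int read_token(FILE *in, char *dst, size_t cap, int *truncated)
{
    size_t n = 0;
    int c;

    *truncated = 0;
    if (cap == 0)
        return -1;
    dst[0] = '\0';
    /* Skip leading whitespace, as scanf("%s") does. */
    while ((c = fgetc(in)) != EOF && isspace(c))
        ;
    if (c == EOF)
        return -1;

    /* Store at most cap - 1 bytes; keep reading to the end of the token. */
    while (c != EOF && !isspace(c)) {
        if (n + 1 < cap)
            dst[n++] = (char)c;
        else
            *truncated = 1;
        c = fgetc(in);
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    int truncated;
    printf("Enter some letters:");
    if (read_token(stdin, buff, sizeof buff, &truncated) < 0)
        return 1;
    if (truncated)
        fprintf(stderr, "input truncated to %zu bytes\n", sizeof buff - 1);
    return 0;
}
```

The capacity is passed with sizeof at the call site, so changing the array's declared size changes the bound with it.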


