Bugtraq: Re: Future of buffer overflows ?

From: Granquist, Lamont <lamont_at_ICOPYRIGHT.COM>
Date: Mon, 30 Oct 2000 10:27:44 -0800

On Mon, 30 Oct 2000, Thomas Dullien wrote:
> Does this mean buffer overflows and format string vulnerabilities are dead?

Nope.

You can take shellcode and put it on the stack or wherever and then copy
it to an executable page (GOT, heap) with memcpy(), strcpy(), etc and then
return into that shellcode and get a shell. It isn't very difficult.
There was a thread on VULN-DEV that I participated in which explained how
to write non-exec exploits. Tim Newsham also wrote a really nice non-exec
exploit of lpset for sol7 x86 on BUGTRAQ back on May 6th which chains
together multiple libc calls -- if you're interested, I'd suggest digging
that exploit up.

For every exploitable buffer overflow on x86, there is going to be a
corresponding exploit that doesn't execute code on the stack, and isn't
that hard to write once you understand the basics.
Received on Nov 03 2000
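The post's point is that a non-executable stack alone does not help if the process still has writable pages that are also executable (the GOT or heap in the examples above). The following script is an added example, not code from the post or its author: it parses a Linux `/proc/<pid>/maps` listing and reports every mapping that is both writable and executable, plus an executable `[stack]`, which is the check a defender would run to confirm W^X is actually enforced for a binary. The sample listing is constructed for illustration; on a real system pass a pid or a saved maps file on the command line.

```python
"""Report W+X mappings in a Linux /proc/<pid>/maps listing.

Added example (not from the original post). Assumes the standard
/proc/<pid>/maps line layout:  range perms offset dev inode [pathname]
"""
import re
import sys

# address range and the 4-character permission field (e.g. "rwxp")
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+")


def parse_maps(text):
    """Yield one dict per mapping line; lines that do not parse are skipped."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        parts = line.split(None, 5)          # pathname may contain spaces
        path = parts[5] if len(parts) > 5 else ""
        yield {
            "start": int(m.group(1), 16),
            "end": int(m.group(2), 16),
            "perms": m.group(3),
            "path": path,
        }


def find_wx_mappings(text):
    """Mappings that are writable AND executable: shellcode copied here runs."""
    return [r for r in parse_maps(text)
            if "w" in r["perms"] and "x" in r["perms"]]


def find_exec_stack(text):
    """The [stack] mapping, only if it is executable (NX not in effect)."""
    return [r for r in parse_maps(text)
            if r["path"] == "[stack]" and "x" in r["perms"]]


# Constructed sample: a heap and stack that are rwx, which is the weak state.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
00600000-00601000 rw-p 00000000 08:01 1234 /usr/bin/demo
00601000-00622000 rwxp 00000000 00:00 0 [heap]
7ffff7dd0000-7ffff7df4000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/ld-2.31.so
7ffffffde000-7ffffffff000 rwxp 00000000 00:00 0 [stack]
"""


def report(text):
    """Human-readable summary; returns the number of findings."""
    findings = find_wx_mappings(text)
    for r in findings:
        print(f"W+X  {r['start']:#x}-{r['end']:#x} {r['perms']} {r['path']}")
    if find_exec_stack(text):
        print("stack is executable")
    if not findings:
        print("no writable+executable mappings found")
    return len(findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # argument is either a pid or a path to a saved maps file
        arg = sys.argv[1]
        src = f"/proc/{arg}/maps" if arg.isdigit() else arg
        with open(src) as f:
            report(f.read())
    else:
        report(SAMPLE_MAPS)
```

Running it against a live pid (`python3 wxcheck.py 4242`) gives a quick answer to whether the mitigations the post is discussing are in place; an `rwxp` heap or `[stack]` line means the process would run code copied to those pages exactly as described.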
