mailing list archives
Using Environment for returning into Lib C
From: "Elie aka \"Lupin\" Bursztein" <elie () bursztein net>
Date: Tue, 26 Feb 2002 19:27:59 -0800
This advisory intends to present a new way to make a return to lib C exploit.
By using the environment variables one could easily exploit a buffer
overflow with the return into lib C technic.
If we make an analogy with the shellcode technic :
the \x20 act as \x90. For the system() function the sting "/bin/sh/" is equal
to " /bin/sh".
the return address overflowed is the system() address.
the arg address will be our variables environment address.
It give flexibility to the arg passed and help to chaining the return to lib C.
Related article describing this technic and example source code :
This technic should open a new range of exploits using the return into lib C.
Elie aka "Lupin" Bursztein
icq : 32228319
mail : elie () bursztein net
web : www.bursztein.net
"Simplicity is difficulty"
- Using Environment for returning into Lib C Elie aka \"Lupin\" Bursztein (Feb 28)