Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Obtuse smtpd

Re: Obtuse smtpd

From: Joseph S. D. Yao <jsdy_at_cospo.osis.gov>
Date: Wed, 8 Jul 1998 10:51:19 -0400 (EDT)

> PROBLEM!
...
> How do you detect one type of stack overwrite but not the other? [I
> guess I'll go read the Web page, too.] If you protect only the stack
> frame info, that takes a lot of registers - one set for each stack
> frame, with no defined maximum. If you protect the whole stack, you
> can't use data on it as read-write data.

I went and read it.

Apparently, they only protect the return address in the most recent
stack frame. This still allows for problems ... especially if I
overrun a buffer that was passed as an argument, or is otherwise
available from a previous stack frame. 

--
Joe Yao				jsdy_at_cospo.osis.gov - Joseph S. D. Yao
COSPO Computer Support						EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Received on Jul 08 1998
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos