Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Re: Buffer Overflow Help
From: Matt Woodyard <woodyard () sdgky com>
Date: 14 Aug 2002 22:27:02 -0400

Is this not related to wide-character unices? I seem to recall that when
I ran through this tutorial having a unicode enabled glibc messed with
it pretty bad.

On Mon, 2002-08-12 at 13:55, Ali Saifullah Khan wrote:
Yes, you're right chris.
the distance calculated also depends on the gcc version used to 
produce the assembley code viewed to calculate the distance on the 
stack moved.

versions of gcc later than ...91 seem to be showing different 
activity.....like skipping 8 bytes instead of 4 for the same 
purpose if i may recall.

please do check up on that last statement....i maybe wrong about 
the # of bytes skipped.

Thankyou.

On Wed, 31 Jul 2002 Chris Hall wrote :
   There was a thread on the vuln-dev list about this very same 
issue. I believe the distance calculated depends
on the enviornment , ( ie: 8,16,32,64 bit systems )


http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1


-- Chris

Leonard Leblanc wrote:

Hello All,

I am trying to experience buffer overflows first hand. I have 
glanced at a
number of articles and have decided to focus on "Smashing the 
Stack for Fun
and Profit" from Phrack Issue 49. I am trying out the examples 
from the text
and when I get to example 3 (which is the first real overflow 
example) it
doesn't quite work and I'm having a little trouble figuring it 
out.

The following example should bypass the "x=1" statement and 
print the
original value of "x" which is 0 (zero). Here's the code.

-=-=-=-=-=-=-=-=-=-=-=-=-=
void function(int a, int b, int c) {
 char buffer1[5];
 char buffer2[10];
 int *ret;

 ret = buffer1 + 12;
 (*ret) += 8;
}

void main() {
 int x;

 x=0;
 function(1,2,3);
 x=1;
 printf("%d\n",x);
}
-=-=-=-=-=-=-=-=-=-=-=-=

When I compile and execute this code it displays one and exits. 
I have tryed
this on RedHat 7.3 and Debian 2.2r6, both giving me the same 
result. Does
anyone have any insight into why this wouldn't work? After 
looking into the
assembly behind it, I think it has something to do with the 
"word size", but
can't seem to find any information as to what the "word size" is 
in Debian
or RedHat.

Any and All comments/suggestions are more than welcome. Also if 
anyone knows
of some other good text files/documents that talk about buffer 
overflows I
would be happy to receive links.

Leonard Leblanc






----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence 
Alert (SIA)
Service. For more information on SecurityFocus' SIA service 
which
automatically alerts you to the latest security vulnerabilities 
please see:
https://alerts.securityfocus.com/



Ali Saifullah Khan,
Project Administrator,
ConnPROBE Intrusion Detection System.
__________________________________________________________
Give your Company an email address like
ravi @ ravi-exports.com.  Sign up for Rediffmail Pro today!
Know more. http://www.rediffmailpro.com/signup/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

-- 
Matt Woodyard (0x8659BAA7)
CISSP
SDG - Security Analyst
My other computer is in Russia.
8592637344x133
33


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]