Penetration Testing
mailing list archives
Re: Re: Buffer Overflow Help
From: Matt Woodyard <woodyard () sdgky com>
Date: 14 Aug 2002 22:27:02 -0400
Is this not related to wide-character unices? I seem to recall that when
I ran through this tutorial having a unicode enabled glibc messed with
it pretty bad.
On Mon, 2002-08-12 at 13:55, Ali Saifullah Khan wrote:
Yes, you're right, Chris.
The distance calculated also depends on the gcc version used to
produce the assembly code viewed to calculate the distance moved on the
stack.
Versions of gcc later than ...91 seem to be showing different
activity, like skipping 8 bytes instead of 4 for the same
purpose, if I may recall.
Please do check up on that last statement; I may be wrong about
the number of bytes skipped.
Thank you.
On Wed, 31 Jul 2002 Chris Hall wrote :
There was a thread on the vuln-dev list about this very same
issue. I believe the distance calculated depends
on the environment (i.e. 8, 16, 32, 64 bit systems).
http://online.securityfocus.com/archive/82/266675/2002-03-30/2002-04-05/1
-- Chris
Leonard Leblanc wrote:
Hello All,

I am trying to experience buffer overflows first hand. I have glanced at a
number of articles and have decided to focus on "Smashing the Stack for Fun
and Profit" from Phrack Issue 49. I am trying out the examples from the text
and when I get to example 3 (which is the first real overflow example) it
doesn't quite work and I'm having a little trouble figuring it out.

The following example should bypass the "x=1" statement and print the
original value of "x" which is 0 (zero). Here's the code.
-=-=-=-=-=-=-=-=-=-=-=-=-=
#include <stdio.h>

void function(int a, int b, int c) {
  char buffer1[5];
  char buffer2[10];
  int *ret;

  /* Phrack's layout: buffer1 rounded up to 8 bytes, then a 4-byte saved
     frame pointer, so the return address sits 12 bytes above buffer1 */
  ret = (int *)(buffer1 + 12);
  /* advance the return address past the "x = 1" instruction in main */
  (*ret) += 8;
}

int main(void) {
  int x;

  x = 0;
  function(1, 2, 3);
  x = 1;
  printf("%d\n", x);
  return 0;
}
-=-=-=-=-=-=-=-=-=-=-=-=
When I compile and execute this code it displays one and exits. I have tried
this on RedHat 7.3 and Debian 2.2r6, both giving me the same result. Does
anyone have any insight into why this wouldn't work? After looking into the
assembly behind it, I think it has something to do with the "word size", but
can't seem to find any information as to what the "word size" is in Debian
or RedHat.

Any and all comments/suggestions are more than welcome. Also if anyone knows
of some other good text files/documents that talk about buffer overflows I
would be happy to receive links.

Leonard Leblanc
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Ali Saifullah Khan,
Project Administrator,
ConnPROBE Intrusion Detection System.
--
Matt Woodyard (0x8659BAA7)
CISSP
SDG - Security Analyst
My other computer is in Russia.
8592637344x133
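The thread's point is that the constants in Phrack's example 3 ("buffer1 + 12" and "+= 8") encode one compiler's frame layout and one instruction encoding, which is why the program prints 1 on a newer gcc. The following program is an added example, not code from the thread or from Phrack: it measures the real distance from a local buffer to the saved return address at run time, and instead of guessing how many bytes "x = 1" occupies it overwrites the return address with the address of a known function and unwinds back with longjmp. The names ret_slot_distance, locate_ret_slot, hijack_return, hijack_demo and landing_pad are this example's own. It assumes GCC or Clang on x86, x86-64 or AArch64, where the saved return address sits one word above the frame pointer; if that does not hold it falls back to scanning the stack for the return address value.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static jmp_buf g_env;         /* where hijack_demo() resumes after the hijack */
static volatile int g_landed; /* set only if landing_pad() really runs */

#if defined(__i386__) || defined(__x86_64__)
/* A forged `ret` arrives with the stack one slot off from a real call; realign it. */
#define LANDING_ATTR __attribute__((noinline, used, force_align_arg_pointer))
#else
#define LANDING_ATTR __attribute__((noinline, used))
#endif

/* Hypothetical target for the overwritten return address (this example's own).
 * It never returns normally: it records the event and unwinds to hijack_demo(). */
LANDING_ATTR void landing_pad(void)
{
    g_landed = 1;
    longjmp(g_env, 1);
}

/* Distance in bytes from `buf` (a local of the calling frame) to the slot holding
 * that frame's saved return address, or -1 if it cannot be found. `fp` is the
 * caller's __builtin_frame_address(0), `ret` its __builtin_return_address(0) and
 * `skip` the address of the caller's own copy of `ret`, which is not the slot. */
__attribute__((noinline))
static long locate_ret_slot(const char *buf, const char *fp, const void *ret,
                            const void *skip)
{
    const char *slot = fp + sizeof(void *); /* [fp] = saved fp, [fp + word] = return address */
    const void *seen;
    memcpy(&seen, slot, sizeof seen);
    if (seen == ret)
        return slot - buf;
    /* No usable frame pointer: scan upward for the return address value. */
    for (long off = 0; off < 512; off++) {
        if (buf + off == (const char *)skip)
            continue;
        memcpy(&seen, buf + off, sizeof seen);
        if (seen == ret)
            return off;
    }
    return -1;
}

/* Measuring counterpart of Phrack's function(): where is the return address
 * relative to buffer1 on this compiler, instead of assuming "+ 12"? */
__attribute__((noinline))
long ret_slot_distance(void)
{
    volatile char buffer1[5];
    volatile char buffer2[10];
    void *ret = __builtin_return_address(0);
    memset((char *)buffer1, 'A', sizeof buffer1);
    memset((char *)buffer2, 'B', sizeof buffer2);
    return locate_ret_slot((const char *)buffer1,
                           (const char *)__builtin_frame_address(0), ret, &ret);
}

/* Overwriting counterpart: point the saved return address at landing_pad(). */
__attribute__((noinline))
static void hijack_return(void)
{
    volatile char buffer1[5];
    void *ret = __builtin_return_address(0);
    long d = locate_ret_slot((const char *)buffer1,
                             (const char *)__builtin_frame_address(0), ret, &ret);
    if (d < 0)
        return; /* layout not understood: leave the frame alone */
    void *target = (void *)&landing_pad;
    volatile char *slot = buffer1 + d; /* the measured version of "buffer1 + 12" */
    for (size_t i = 0; i < sizeof target; i++)
        slot[i] = ((unsigned char *)&target)[i];
    /* this function's `ret` now transfers control to landing_pad() */
}

/* Returns 1 if the return-address overwrite diverted execution, 0 otherwise. */
int hijack_demo(void)
{
    g_landed = 0;
    if (setjmp(g_env) == 0) {
        hijack_return();
        return 0; /* reached only if the hijack did nothing */
    }
    return g_landed; /* came back through landing_pad() -> longjmp */
}

int main(void)
{
    printf("buffer1 -> saved return address: %ld bytes\n", ret_slot_distance());
    printf("return address hijack %s\n",
           hijack_demo() ? "took effect" : "did not take effect");
    return 0;
}
```

Two things worth noting when running it. First, the printed distance is rarely 12: Phrack's 12 was 5 bytes of buffer1 rounded up to 8 plus a 4-byte saved frame pointer on 32-bit gcc of the day, while a current compiler on x86-64 pads differently, may order buffer1 and buffer2 either way, and with -fstack-protector inserts a canary between the buffers and the saved frame pointer. Second, the write above touches only the eight bytes of the return slot, so that canary survives and the function's own epilogue check passes; a Phrack-style overflow that runs from buffer1 up to the slot would trip it and abort before the forged return ever executes.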