Vulnerability Development: Re: Where else?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Where else?

From: Justin Lundy <jbl () subterrain net>
Date: Sat, 17 Nov 2001 08:18:24 -0800

Also,

Procedure linkage table (PLT) entries.

-jbl

On Fri, Nov 16, 2001 at 11:07:12PM -0500, Hung Vu wrote:

To execute arbitrary code on a system one can overwrite:
      - Return addresses on the stack
      - function pointers
      - Longjump buffers
      - GOT tables
      - Dtors
      - _atexit stuff 
      - GLibc hooks

Where else?

Hung.


-- 
"Paper money eventually returns to its intrinsic value - zero." -Voltaire       
HTTP: www.subterrain.net/~jbl/ % GPG key: www.subterrain.net/~jbl/jbl.gpg       
%% GPG key fingerprint: 7F63 6DF4 B2F8 31F7 5219 8E0B 602F C8C8 D77E FFDF

By Date By Thread

Current thread:

Where else? Hung Vu (Nov 16)
- Re: Where else? Michel Arboi (Nov 18)
- Re: Where else? Justin Lundy (Nov 18)
- Re: Where else? dullien (Nov 18)
- Re: Where else? Pavel Kankovsky (Nov 18)
- Re: Where else? Mariusz Woloszyn (Nov 19)
  - Re: Where else? Hung Vu (Nov 20)