Vulnerability Development: Re: Where else?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Where else?

From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Mon, 19 Nov 2001 13:07:05 +0100 (EET)

On Fri, 16 Nov 2001, Hung Vu wrote:

To execute arbitrary code on a system one can overwrite:
      - Return addresses on the stack
      - function pointers
      - Longjump buffers
      - GOT tables
      - Dtors
      - _atexit stuff 
      - GLibc hooks

Local variables and parameters on the stack (beyond RET), specialy
pointers may be sufficient to copy shellcode and pass execution to any
other rwx segments.
No wx segments means perfect security.
It's time to fix the hardware.

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners

By Date By Thread

Current thread:

Where else? Hung Vu (Nov 16)
- Re: Where else? Michel Arboi (Nov 18)
- Re: Where else? Justin Lundy (Nov 18)
- Re: Where else? dullien (Nov 18)
- Re: Where else? Pavel Kankovsky (Nov 18)
- Re: Where else? Mariusz Woloszyn (Nov 19)
  - Re: Where else? Hung Vu (Nov 20)