Vulnerability Development
mailing list archives
RE: Buffer UNDERFLOWS: What do you know about it?
From: OUAH <supermouette () bluewin ch>
Date: Mon, 12 Jan 2004 03:30:34 +0100
hi,
I've been thinking about it for a few days, Googling, looking for
papers, articles or whatever over the internet, but there is scant
material about it.
So I decided to ask what you guys know about it?
There was a famous bug in Apache in the beginning-middle of 2002 (known
as the Apache chunked vuln), discovered by ISS and successfully exploited
by GOBBLES. If it was, strictly speaking, a classical heap overflow
("overrun"), the way GOBBLES exploited it on OpenBSD systems is like a
buffer "underrun".
(With the heap overflow, they could control the last argument of a
memcpy() call. And by making this argument negative on OpenBSD,
memcpy() copies in the backward direction.)
my 2 cents about buffer underruns..
--------
OUAH
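
Added example, not part of the original post: the defensive side of the memcpy() point above. A length that is negative in the caller reaches memcpy() as a huge size_t, and a signed upper-bound check alone does not catch it. All function names and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum copy_status { COPY_OK = 0, COPY_NEGATIVE = -1, COPY_TOO_LARGE = -2, COPY_BAD_ARG = -3 };

/* The count memcpy() receives when a negative signed length is passed
 * unchecked: conversion to size_t wraps to a huge unsigned value. */
size_t as_memcpy_len(long n) { return (size_t)n; }

/* Weak check: an upper bound compared as signed lets negatives through. */
int naive_bound_ok(long n, long cap) { return n <= cap; }

/* Hardened copy: reject negative lengths first, then compare as unsigned
 * against both the destination capacity and the source length. */
enum copy_status checked_copy(void *dst, size_t dst_cap,
                              const void *src, size_t src_len, long n)
{
    if (dst == NULL || src == NULL)
        return COPY_BAD_ARG;
    if (n < 0)
        return COPY_NEGATIVE;
    if ((unsigned long)n > dst_cap || (unsigned long)n > src_len)
        return COPY_TOO_LARGE;
    memcpy(dst, src, (size_t)n);
    return COPY_OK;
}

int main(void)
{
    char src[16] = "constructed";   /* constructed sample input */
    char dst[8] = {0};

    printf("-1 seen by memcpy as: %zu\n", as_memcpy_len(-1));
    printf("naive check accepts -1: %d\n", naive_bound_ok(-1, (long)sizeof dst));
    printf("checked_copy(n=-1): %d\n", checked_copy(dst, sizeof dst, src, sizeof src, -1));
    printf("checked_copy(n=9):  %d\n", checked_copy(dst, sizeof dst, src, sizeof src, 9));
    printf("checked_copy(n=4):  %d\n", checked_copy(dst, sizeof dst, src, sizeof src, 4));
    return 0;
}
```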