Vulnerability Development: Re: problem in off by one overflow

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: problem in off by one overflow

From: Alex <alex00882007 () gmail com>
Date: Mon, 7 Feb 2005 20:01:13 +0000

On Mon, 07 Feb 2005 09:08:45 -0800 (PST), Breno Pinto
<breno () secforum com br> wrote:



Hi,

I have problem to exploit an off by one vulnerability. When i overwrite ebp with some data and i´t point to my NOPS, 
i receive an SIGSEGV message.

SIGSEGV message in 0x90909090 ??

I´m using red hat 7.3 and gcc 2.95.

Anybody knows why 0x90909090 broke my exploitation ?

Thanks


Breno

Is eip pointing to 0x90909090? The problem is quite simple. 
The base pointer is not over-written with the address of the
destination. Instead, it should be over-written with a pointer to the
address of your destination.

The EIP you see there is most likely the first 4 bytes of your
shellcode, NOP=0x90 on x86 intel.

By Date By Thread

Current thread:

problem in off by one overflow Breno Pinto (Feb 07)
- Re: problem in off by one overflow Alex (Feb 07)
- <Possible follow-ups>
- RE: problem in off by one overflow Steven Alexander (Feb 07)