Re: [ISN] Hurwitz Group names Buffer Overflow Attacks as Threat

From: mea culpa (jerichoat_private)
Date: Thu Feb 04 1999 - 21:13:51 PST


    Reply From: Aleph One <aleph1at_private>
    
    Ack. I hate it when people announce they have solved "all buffer overflows".
    To those that are wondering what the product really does, it simply
    randomizes the stack address. This has been discussed before in BugTraq.
    Nothing new, nor does it solve all buffer overflows.
    
    Here is a section of the BugTraq FAQ (not yet released):
    
      - Randomize the stack address. As part of a standard stack overflow the
        attacker must guess the address of the code to execute. The code is
        normally placed on the stack by the attacker via the same buffer
        he is overflowing to overwrite the return address. By randomizing the
        stack address during each execve the attacker no longer has a good idea
        of where his code will be placed.
    
        Pros: Only requires kernel support. Does not require recompiling.
    
        Cons: Does not address stack buffer overflow exploits that execute
        code not on the stack. Does not address data buffer overflow exploits.
    
        < http://www.greenend.org.uk/rjk/random-stack.text >
    
    In other words, it only stops your garden-variety buffer overflow exploit.
    Any exploit that, for example, sets up a function's arguments on the stack and
    then jumps to the existing code it wants to execute (like using the procedure
    linkage tables in ELF executables) will easily get around their "solution".
    
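An added example, not from the post or from any product it mentions, that checks the one property the post describes: whether the kernel assigns a different stack address on each execve. The program re-executes itself a few times, collects the address of a stack local from each run, and reports whether the addresses differ; Linux/POSIX and an argv[0] that execl can resolve are assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#define RUNS 8   /* number of re-executions to sample */

/* Count distinct values in an array of observed addresses. */
size_t count_distinct(const unsigned long *v, size_t n) {
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < i; j++) if (v[j] == v[i]) break;
        if (j == i) distinct++;
    }
    return distinct;
}

/* 1 if the sampled stack addresses are not all identical. */
int stack_is_randomized(const unsigned long *v, size_t n) {
    return n > 1 && count_distinct(v, n) > 1;
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "--probe") == 0) {
        volatile char marker = 0;   /* any stack local: its address tracks the stack base */
        printf("%lx\n", (unsigned long)&marker);
        return 0;
    }
    unsigned long addrs[RUNS];
    for (int i = 0; i < RUNS; i++) {
        int fd[2];
        if (pipe(fd) < 0) return 1;
        pid_t pid = fork();
        if (pid == 0) {             /* child: re-exec ourselves with --probe, stdout into the pipe */
            dup2(fd[1], STDOUT_FILENO);
            close(fd[0]); close(fd[1]);
            execl(argv[0], argv[0], "--probe", (char *)NULL);
            _exit(127);             /* only reached if execl fails */
        }
        close(fd[1]);
        char buf[32] = {0};
        ssize_t r = read(fd[0], buf, sizeof buf - 1);   /* one hex address per child */
        close(fd[0]);
        waitpid(pid, NULL, 0);
        addrs[i] = r > 0 ? strtoul(buf, NULL, 16) : 0;
    }
    printf("%zu distinct stack addresses in %d runs: %s\n", count_distinct(addrs, RUNS),
           RUNS, stack_is_randomized(addrs, RUNS) ? "randomized" : "NOT randomized");
    return 0;
}
```

A result of "NOT randomized" means every execve placed the local at the same address, which is exactly the situation the garden-variety exploit relies on; "randomized" only covers the stack, not the PLT/libc addresses the reply says remain fixed.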
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:09 PDT