I am doing a remote overflow experiment on Solaris 2.7 with SPARC V9. My RPC server has a buffer overflow bug in the stack; my RPC client will pass a long binary code (with hacking code inside) to the server. Part of the binary will overflow the buffer and overwrite the return address; the other part of the binary contains the hacking code downloaded from lsd-pl (findsck and shell code) and resides in the heap area. Once the overflow happens, control is supposed to be transferred to the heap area and run from there.

With adb/truss tracing the RPC server, I can see the control was indeed transferred to the heap and run from there, but if I let the RPC server run freely, the process seems to skip the hacking code in the heap.

My questions are: Why didn't control transfer? Is the heap also disabled from running code? Or does a process under adb run differently from real time?
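The post asks whether Solaris refuses to run code from the heap. On the defensive side, the relevant Solaris control is the `noexec_user_stack` tunable in `/etc/system` (with `noexec_user_stack_log` to log violations), which applies to the stack only, so a host hardened that way still has no protection against code placed elsewhere. The following is an added example, not code from the poster or from the list; it parses `/etc/system`-style text and reports whether those two tunables are active. The file content is constructed here so the script runs offline.

```python
"""Check Solaris /etc/system text for the non-executable-stack tunables.

Added example (not from the original post). Assumes the Solaris
`set name=value` syntax of /etc/system, where lines starting with '*'
are comments; the sample file content below is constructed.
"""
import re
from typing import Dict, List

# Constructed sample of an /etc/system file: the noexec_user_stack line
# is commented out, so only the logging tunable is actually active.
SAMPLE_ETC_SYSTEM = """\
* /etc/system - kernel tunables (constructed sample)
set maxusers=64
* set noexec_user_stack=1
set noexec_user_stack_log=1
"""

# Matches an active tunable line such as "set noexec_user_stack=1".
_SET_RE = re.compile(r"^\s*set\s+([A-Za-z0-9_:]+)\s*=\s*(\S+)\s*$")


def parse_tunables(text: str) -> Dict[str, str]:
    """Return the active `set name=value` entries, skipping '*' comments."""
    tunables: Dict[str, str] = {}
    for line in text.splitlines():
        if line.lstrip().startswith("*"):
            continue
        m = _SET_RE.match(line)
        if m:
            tunables[m.group(1)] = m.group(2)
    return tunables


def stack_protection_status(text: str) -> Dict[str, bool]:
    """Report whether the user stack is marked non-executable and whether
    execution attempts from it are logged. Both tunables cover the stack
    only; they say nothing about the heap or other writable mappings."""
    t = parse_tunables(text)
    return {
        "noexec_user_stack": t.get("noexec_user_stack") == "1",
        "noexec_user_stack_log": t.get("noexec_user_stack_log") == "1",
    }


def recommendations(text: str) -> List[str]:
    """List the hardening settings that are missing from the given text."""
    status = stack_protection_status(text)
    out: List[str] = []
    if not status["noexec_user_stack"]:
        out.append("add 'set noexec_user_stack=1' to /etc/system and reboot")
    if not status["noexec_user_stack_log"]:
        out.append("add 'set noexec_user_stack_log=1' to log violations")
    return out


if __name__ == "__main__":
    # On a real host, read the file instead of the constructed sample:
    #   text = open("/etc/system").read()
    for line in recommendations(SAMPLE_ETC_SYSTEM) or ["stack protection configured"]:
        print(line)
```

Run it against the real `/etc/system` to see which of the two settings a host is missing; a clean result only means the stack is covered, which is exactly the gap the question above is probing.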
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 14:17:34 PST