Re: Where else?

From: Mariusz Woloszyn (emsiat_private)
Date: Mon Nov 19 2001 - 04:07:05 PST

Next message: Crist J. Clark: "Re: New bugs discovered!"

Previous message: Baba Bogdan: "Re: New bugs discovered !"
In reply to: Hung Vu: "Where else?"
Next in thread: Hung Vu: "Re: Where else?"
Reply: Hung Vu: "Re: Where else?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 16 Nov 2001, Hung Vu wrote:

> To execute arbitrary code on a system one can overwrite:
> 	- Return addresses on the stack
> 	- function pointers
> 	- Longjump buffers
> 	- GOT tables
> 	- Dtors
> 	- _atexit stuff 
> 	- GLibc hooks
> 
Local variables and parameters on the stack (beyond RET), specialy
pointers may be sufficient to copy shellcode and pass execution to any
other rwx segments.
No wx segments means perfect security.
It's time to fix the hardware.

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners

Next message: Crist J. Clark: "Re: New bugs discovered!"
Previous message: Baba Bogdan: "Re: New bugs discovered !"
In reply to: Hung Vu: "Where else?"
Next in thread: Hung Vu: "Re: Where else?"
Reply: Hung Vu: "Re: Where else?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 08:48:55 PST