Mariusz Woloszyn wrote:
>
> Has anyone successfully exploited any format string vulnerability on
> PA-RISC architecture (on any other architecture with aligned memory
> access)???

Yes, and there are publicly available exploits for these architectures
(wu-ftpd site exec, IRIX telnetd).

> I mean: does the architecture here prevent exploiting it?
> Format string exploitation using %n requires (let's say) 4 unaligned
> memory writes to overwrite an address in memory. If I try to write to
> an unaligned address I'm getting SIGBUS.
>

Actually, you have several ways to write values to memory using format
strings: you can use one %n, four %n, two %hn, etc. Different combinations
of these format modifiers will let you overcome the limitations you proposed.

---
for a personal reply use: Juliano Rizzo <juliano.rizzoat_private>
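The alignment arithmetic behind the reply above, as an added example that is not part of the original post: it counts, for each combination the reply names, how many of the resulting stores are not naturally aligned, which is why strict alignment alone does not rule out the write. It assumes a 4-byte int and 2-byte short; the struct, function name and target address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* A write strategy: `count` stores of `width` bytes, `stride` bytes apart.
 * Assumption: 4-byte int (%n) and 2-byte short (%hn). */
struct plan { const char *name; unsigned count, width, stride; };

static const struct plan PLANS[] = {
    { "one %n",  1, 4, 0 },  /* a single int store at the target            */
    { "four %n", 4, 4, 1 },  /* int stores at target+0..+3, one byte apart  */
    { "two %hn", 2, 2, 2 },  /* short stores at target+0 and target+2       */
};
enum { NPLANS = sizeof PLANS / sizeof PLANS[0] };

/* Number of stores in the plan that are not naturally aligned, i.e. that
 * would raise SIGBUS on a CPU that enforces aligned memory access. */
static unsigned misaligned_stores(const struct plan *p, uintptr_t target)
{
    unsigned bad = 0;
    for (unsigned i = 0; i < p->count; i++) {
        uintptr_t addr = target + (uintptr_t)i * p->stride;
        if (addr % p->width != 0)
            bad++;
    }
    return bad;
}

int main(void)
{
    const uintptr_t target = 0x7b03a4c0u; /* constructed, word-aligned */
    for (unsigned i = 0; i < NPLANS; i++)
        printf("%-8s -> %u misaligned store(s)\n",
               PLANS[i].name, misaligned_stores(&PLANS[i], target));
    return 0;
}
```

Since the processor's alignment rules do not stop every combination, the fix belongs in the code: pass untrusted input as an argument to a constant format string, never as the format string itself.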
This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 16:41:19 PST