Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack

From: - OUAH - (ouah_at_private)
Date: Fri May 17 2002 - 06:13:30 PDT


    If you can control another buffer which is executable (maybe in bss or heap 
    in tru64?) you can jump into it. Even if there are NULL bytes in a 64 bytes 
    address, DEC Alpha is Little Endian so it is possible in many cases (like 
    with Linux Alpha) to overwrite the retaddr with ONE address (but only one, 
    it's the reason RET-into-libc aren't possible).
    
    I know there are some shellcodes for digital unix. The shellcode is encoded and 
    then decoded to contain any NULL bytes.
    
    
    OUAH
    
    http://ouah.sysdoor.net
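
The little-endian point in the message above, as an added example that is not part of the original post: a small C model of two adjacent 64-bit slots overwritten with string-copy semantics, showing why the first address lands intact and the second is never written. The function names and all address values are constructed for illustration and are not taken from a real Tru64 process.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Store/load a 64-bit value in little-endian order, as Alpha lays it out. */
static void put_le64(unsigned char *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (unsigned char)(v >> (8 * i));
}
static uint64_t get_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Bytes of addr that a NUL-terminated copy transfers before it stops. */
size_t bytes_before_nul(uint64_t addr) {
    unsigned char b[8];
    size_t n = 0;
    put_le64(b, addr);
    while (n < 8 && b[n] != 0) n++;
    return n;
}

/* Model two adjacent 64-bit slots holding old0, old1, then copy the byte
 * sequence new0|new1 over them with strcpy semantics (stop at the first
 * NUL, then write the terminator). The resulting slots go to out[]. */
void string_copy_two_slots(uint64_t old0, uint64_t old1,
                           uint64_t new0, uint64_t new1, uint64_t out[2]) {
    unsigned char mem[17], src[16];
    size_t i = 0;
    put_le64(mem, old0); put_le64(mem + 8, old1); mem[16] = 0;
    put_le64(src, new0); put_le64(src + 8, new1);
    while (i < 16 && src[i] != 0) { mem[i] = src[i]; i++; }
    mem[i] = 0;                      /* strcpy's terminating NUL */
    out[0] = get_le64(mem);
    out[1] = get_le64(mem + 8);
}

int main(void) {
    /* Constructed sample values, not taken from a real Tru64 process. */
    uint64_t out[2];
    string_copy_two_slots(0x0000000120001234ULL, 0x0000000120005678ULL,
                          0x0000000140018a10ULL, 0x0000000140029b20ULL, out);
    printf("copied %zu bytes; slot0=%#llx slot1=%#llx\n",
           bytes_before_nul(0x0000000140018a10ULL),
           (unsigned long long)out[0], (unsigned long long)out[1]);
    return 0;
}
```

The first slot ends up equal to the new value only because the old value's high bytes were already zero; the copy stops at the first NUL, so the second slot keeps its old contents.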
    
    



    This archive was generated by hypermail 2b30 : Fri May 17 2002 - 09:18:06 PDT