There has also been shellcode which will listen on a port, and accept data which it will then execute as shellcode, thus nullifying the need to have more buffer space than what is necessary to execve /bin/sh.

Cheers,
-Jove

On Wed, 22 May 2002, Andreas Ferber wrote:

> On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
> >
> > Most buffer overflows I've seen attempt to infiltrate the system enough to
> > run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> > so they fail.
> >
> > Is it as simple as that? As 99.999% of the system binaries aren't available
> > in the jail, can a buffer overflow ever work?
>
> The buffer overflow still works as expected (the bug is in the daemon,
> not in /bin/sh), though the shellcode used in most precooked exploits
> doesn't work. If the buffer is large enough so that the attacker can
> place more code than just an exec("/bin/sh") into it, he can still do
> all nasty things inside the bounds of the jail (e.g. uploading his own
> shell and executing that one ;-)
>
> Andreas
> --
> Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
> ---------------------------------------------------------
> +49 521 1365800 - afat_private - www.devcon.net
>
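An added defender-side check, not code from anyone in the thread: it audits a chroot jail tree for the two preconditions the posts above turn on, a shell or interpreter still present inside the jail, and a directory the daemon's own uid could write an uploaded binary into. The `build_demo_jail` helper constructs a throwaway sample jail (a forgotten /bin/sh, an `ftpd` binary, a world-writable /tmp) purely for demonstration, and the uid/gid 65534 is an assumed identity for the chrooted daemon.

```python
"""Audit a chroot jail tree for what lets an overflow payload do more than fail
on a missing /bin/sh: leftover shells/interpreters, executables in general, and
directories the daemon's own uid could drop an uploaded binary into."""
import os
import stat
import tempfile

# Basenames that hand a payload an easy second stage if left in the jail.
INTERPRETERS = {"sh", "bash", "dash", "ksh", "zsh", "perl", "python", "python3"}

def _writable_by(st, uid, gid):
    """True if an object with stat result `st` is writable by uid/gid."""
    if st.st_mode & stat.S_IWOTH:
        return True
    if st.st_gid == gid and st.st_mode & stat.S_IWGRP:
        return True
    return st.st_uid == uid and bool(st.st_mode & stat.S_IWUSR)

def audit_jail(root, daemon_uid, daemon_gid):
    """Return (interpreters, executables, writable_dirs), each a sorted list
    of paths relative to the jail root."""
    interpreters, executables, writable_dirs = [], [], []
    for dirpath, _, filenames in os.walk(root):
        if _writable_by(os.lstat(dirpath), daemon_uid, daemon_gid):
            writable_dirs.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            if not stat.S_ISREG(fst.st_mode):
                continue  # symlinks and device nodes are out of scope here
            if fst.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                executables.append(os.path.relpath(path, root))
                if name in INTERPRETERS:
                    interpreters.append(executables[-1])
    return sorted(interpreters), sorted(executables), sorted(writable_dirs)

def build_demo_jail():
    """Constructed sample jail (not from the thread): a daemon binary, a
    forgotten /bin/sh and a world-writable /tmp. Returns the jail path."""
    root = tempfile.mkdtemp(prefix="jail-")
    os.chmod(root, 0o755)
    for d in ("bin", "usr", "usr/sbin", "tmp"):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), 0o755)
    for f in ("bin/sh", "usr/sbin/ftpd"):
        with open(os.path.join(root, f), "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(os.path.join(root, f), 0o755)
    os.chmod(os.path.join(root, "tmp"), 0o1777)
    return root
```

Running `audit_jail(build_demo_jail(), 65534, 65534)` on the sample jail reports `bin/sh` as an interpreter and `tmp` as a directory the daemon could write to; a clean jail should return an empty interpreter list and no writable directories (or only ones on a noexec mount).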
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 21:00:02 PDT