On Wed, 20 Nov 2002 bukysat_private wrote: Hi, Maybe with threads where one thread can smash other threads stack that way. Other thread then may jump into that loop too. :) Unfortunally infinite recursion will crash very soon, so you need special trick like the function arguments that are pushed on stack should contain adresses the other thread is then using for retaddr or saved ebp. Its asking for headache but I assume you can somehow do it with threads. Sebastian > While a recursion-induced stack overflow can obviously lead to a > denial-of-service attack, are there any examples of it being turned > into an opportunity for remote execution? > > NOTE that I'm talking about a RECURSION stack overflow, NOT a buffer > overflow of some stack variables. > > Ideas would be very welcome. > > Liudvikas Bukys > University of Rochester > -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmerat_private - SuSE Security Team ~
This archive was generated by hypermail 2b30 : Sun Nov 24 2002 - 13:37:11 PST