Re: partial analysis of vulndev-1.c

From: Dana Epp (danaat_private)
Date: Tue May 13 2003 - 15:29:02 PDT


    ----- Original Message ----- 
    > From: "David R. Piegdon" <fleshyCPUat_private>
    > [...]
    >
    > now the question: can we use this buffer overflow?
    > actually in this case not, because the allocation of the buffer is done
    > with malloc. on linux at least :) malloc does not use the stack but it
    > uses the HEAP.
    
    Just because Linux may allocate the memory on the heap doesn't mean it can't
    be overflowed. This is a common misconception that bites a lot of us.
    (Chances are you already know this)
    
    You could muck with it and trick the free into overwriting arbitrary memory
    locations with exploit data.  There is a pretty good paper on this over at:
    http://www.w00w00.org/files/articles/heaptut.txt. Although heap overflows
    are much harder to predict and architect, it is still quite possible. I
    wouldn't count on the fact Linux uses the heap as a saving grace against an
    attack like this.
    
    ---
    Regards,
    Dana M. Epp
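
The point made in the reply above, shown as an added example that is not part of the original message and not taken from vulndev-1.c: a toy arena with allocator-style headers stored in front of each block, where an unchecked copy into one block damages its neighbour's header and a length-checked copy does not. The arena layout, the `MAGIC` value and all function names are assumptions made for illustration; this is not glibc's malloc.

```c
/* Added illustration: toy two-chunk arena, not glibc malloc. All names hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR   8u                 /* per-chunk header: 4-byte magic + 4-byte size */
#define DATA  16u                /* usable bytes per chunk */
#define CHUNK (HDR + DATA)
#define MAGIC 0x5AFEC0DEu        /* constructed integrity marker */
static unsigned char arena[2 * CHUNK];   /* two adjacent chunks, header before data */
static unsigned char *user_ptr(unsigned i) { return arena + i * CHUNK + HDR; }

static void arena_init(void) {
    const uint32_t hdr[2] = { MAGIC, DATA };
    memset(arena, 0, sizeof arena);
    for (unsigned i = 0; i < 2; i++) memcpy(arena + i * CHUNK, hdr, HDR);
}

/* Integrity check an allocator could run before trusting a header at free time. */
static int chunk_ok(unsigned i) {
    uint32_t hdr[2];
    memcpy(hdr, arena + i * CHUNK, HDR);
    return hdr[0] == MAGIC && hdr[1] == DATA;
}

/* Unchecked copy, as in an overflowable program. Clamped to the arena end only
   so this demo itself stays inside one array. */
static void copy_unchecked(unsigned i, const void *src, size_t n) {
    size_t room = (size_t)(arena + sizeof arena - user_ptr(i));
    memcpy(user_ptr(i), src, n < room ? n : room);
}

/* Bounded copy: refuses input larger than the chunk's usable size. */
static int copy_checked(unsigned i, const void *src, size_t n) {
    if (n > DATA) return -1;
    memcpy(user_ptr(i), src, n);
    return 0;
}

int main(void) {
    unsigned char input[24];               /* constructed input, 8 bytes too long */
    memset(input, 'A', sizeof input);
    arena_init();
    int rc = copy_checked(0, input, sizeof input);
    printf("checked copy rc=%d, neighbour header intact=%d\n", rc, chunk_ok(1));
    copy_unchecked(0, input, sizeof input);
    printf("after unchecked copy, neighbour header intact=%d\n", chunk_ok(1));
    return 0;
}
```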
    


