New PDF release: A Buffer Overflow Study - Attacks and Defenses

By Pierre-Alain, Vincent Glaume


Sample text

    Terminating /home/glaume/Secu/Tests/Protection/stack1.
    uid=1001 euid=0 pid=295
    Call stack:
    0x40018534 0x40018654 0x80484fc 0x4003c65a
    Overflow caused by strcpy()
    Killed
    glaume@dante:~/Secu/Tests/Protection$

This attack uses the strcpy function, which is why Libsafe detects it.

    /heap2
    Trace/breakpoint trap

None of these heap attacks takes advantage of a vulnerable libc function that is rewritten by Libsafe, so the exploits are successful.

    /stack1
    Segmentation fault
    glaume@dante:~/Secu/Tests/Protection$

The instructions of the shellcode have been placed in the stack; they cannot be executed.

We just have a much more basic shellcode than before, as it is a one-byte instruction, \xCC.

    /heap2
    Trace/breakpoint trap

As expected, this unprotected system is vulnerable to our basic exploits.

    /stack1
    Detected an attempt to write across stack boundary.
    Terminating /home/glaume/Secu/Tests/Protection/stack1.
    uid=1001 euid=0 pid=295
    Call stack:
    0x40018534 0x40018654 0x80484fc 0x4003c65a
    Overflow caused by strcpy()
    Killed
    glaume@dante:~/Secu/Tests/Protection$

This attack uses the strcpy function, which is why Libsafe detects it.

In the first loop, large_string is filled with four-byte words containing the address of the buffer to overflow (buffer). In the second loop, the shellcode is copied into large_string. At this stage, large_string consists of shellcode + address of buffer. Then the vulnerable function strcpy is called. When main returns, the instructions in buffer will be executed, because the return address has previously been overwritten and now contains a pointer to buffer. The SUID bit and the root ownership of the binary are only a way to show how dangerous this may be; we mainly focus on the overflow here.
