A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.
4 votes, 2 answers, 188 views
How to get this to buffer overflow?
I'm trying to understand buffer overflow, and am working with a simple piece of code, as below.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int bof(char *str)
{
...
1 vote, 0 answers, 112 views
Stack smashing keep getting segmentation fault
I have a homework assignment to do stack smashing,
The exploit code creates a badfile in which the vulnerable file reads and buffer overflow occurs.
I have already done the 2 commands below to ...
2 votes, 1 answer, 106 views
How to completely prevent buffer overflows in networking software?
Is it possible to make software which is not vulnerable to any type of buffer overflow? For example, a software that receives data packets and transfers them to the destination after data analysis.
1 vote, 0 answers, 52 views
Determining the target address in a heap overflow
For a heap overflow to occur and arbitrary code to be executed, the function free() performs the step:
hdr->next->next->prev = hdr->next->prev
I understand that the address of ...
7 votes, 3 answers, 237 views
Stack Overflows - Defeating Canaries, ASLR, DEP, NX
To prevent buffer overflows, there are several protections available such as using Canary values, ASLR, DEP, NX. But, where there is a will, there is a way. I am researching on the various methods an ...
6 votes, 4 answers, 236 views
Why don't computers check whether there are memory contents in some memory space?
Buffer overflow occurs because it writes to memory spaces that are used by, or will be used by other parts of the program.
Computer programs usually write to the memory location that has been ...
1 vote, 1 answer, 141 views
Any reasons to why not use randomize_va_space?
I've been looking a bit into kernel options for hardening, and there is one that seems to be a good idea to deploy - randomize_va_space. But before I activate that feature I started a Google search, ...
9 votes, 1 answer, 130 views
AMD64 overflows and null bytes
In the past, I have managed to overflow my own vulnerable programs, and those of others, but only ever in a 32-bit environment. Every time I try even a simple stack smash on a 64-bit machine, I run into ...
1 vote, 1 answer, 45 views
Dangers of a vulnerability in a local installer?
I sent a message to my dev manager about a buffer overflow in our (widely distributed) installer, and received a response that it didn't matter as it wasn't server code.
Other than the fact that if ...
2 votes, 1 answer, 138 views
What to do next for this possible buffer overflow?
I've been instructed to test a few of our newer applications before user release, and managed to find a buffer overflow on one of the fields.
Here is where I've run into a brick wall though, and ...
3 votes, 1 answer, 119 views
buffer/heap overflow - register of what is executed
When buffer overflow/heap overflow is executed, is EIP the one that tells which part will be executed next? Also, when exploiting the part that has buffer overflow vulnerability, after execution, will ...
3 votes, 1 answer, 61 views
php_register_variable_ex vulnerability question
Vulnerability I am referring to is:
http://www.securityfocus.com/bid/51830
And here in more detail:
http://auntitled.blogspot.com/2012/02/mini-poc-for-php-rce-cve-2012-0830.html
So basically what ...
0 votes, 1 answer, 462 views
Snort false positive?
I've set up Snort and am configuring it for my network. I have one VPN server making a connection to my DNS/AD server. This connection sets off:
GPL SHELLCODE x86 inc ebx NOOP
The payload is as ...
5 votes, 1 answer, 202 views
Sulley - optional element and command check
I'm currently using Sulley to fuzz my FTP server, but I'm having problems. I want to specify the STRU command, which has a syntax:
STRU [<SP> F|R|P] <CRLF>
I tried to specify the ...
1 vote, 1 answer, 401 views
Finding environment variables with gdb, to exploit a buffer overflow
I have to exploit a very simple buffer overflow in a vulnerable C++ program for an assignment and I am not able to find the environment variable SHELL.
I have never worked with BoF before, and ...