Tagged Questions
32
votes
8 answers
2k views
Should I bother teaching buffer overflows any more?
The students are skeptical that turning off non-executable stacks, turning off canaries and turning off ASLR represents a realistic environment. If PaX, DEP, W^X, etc., are effective at stopping ...
16
votes
2 answers
1k views
How can vending machines be hacked? And how can I prevent it?
I am developing a vending machine and want to make it secure.
In a comment to my previous question, @Polynomial said "Vending machines (and similar devices) can often be pwned via buffer overflows on ...
13
votes
3 answers
752 views
Bypassing Address Space Layout Randomization
How effective is ASLR in preventing arbitrary code execution in a buffer overflow type exploit? How hard is it for an attacker to bypass this without simply guessing where the addresses are?
2
votes
1 answer
110 views
What other places (besides libc) can an attacker redirect control flow to after an attack such as a buffer overflow has succeeded?
I am not sure whether this is the right place to ask this question.
I want to know, in older or modern types of buffer overflow attack, when the attacker succeeds in overwriting the return address, where ...
1
vote
2 answers
1k views
Snort false positive?
I've set up snort and am configuring it for my network. I have one vpn server making a connection to my dns/AD server. This connection sets off:
GPL SHELLCODE x86 inc ebx NOOP
The payload is as ...
1
vote
1 answer
84 views
Bypass va_randomize_space and stack-protector
Is a program compiled with the GCC -fstack-protector option and running in a Linux environment with the va_randomize_space kernel variable set to 1, totally protected against buffer overflow attacks?
...
1
vote
1 answer
194 views
Determining the target address in a heap overflow
For a heap overflow to occur and arbitrary code to be executed, the function free() performs the step:
hdr->next->next->prev = hdr->next->prev
I understand that the address of ...
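The unlink step quoted in the last question, hdr->next->next->prev = hdr->next->prev, is what turns a heap overflow into an arbitrary write: if the attacker controls the next and prev fields of the chunk being unlinked, the first assignment writes an attacker-chosen value (prev) to an attacker-chosen address (next plus the offset of prev), and the second assignment writes next into memory near that value. The following simulation is an added example, not code from the question or any answer to it; the struct layout and field names are an assumption modelled on old dlmalloc, and the "safe unlink" check is written in the spirit of the check modern glibc performs before unlinking (both neighbours must point back at the chunk).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Doubly-linked free-list header in the style of classic dlmalloc, which is
 * what hdr->next->next->prev = hdr->next->prev refers to.  Field names and
 * layout are an assumption for this simulation, not any real allocator's. */
struct chunk {
    size_t size;
    struct chunk *prev;
    struct chunk *next;
};

/* Unchecked unlink, as in old allocators: remove p from its free list. */
static void unlink_chunk(struct chunk *p)
{
    p->next->prev = p->prev;   /* writes p->prev to  p->next + offsetof(prev) */
    p->prev->next = p->next;   /* writes p->next to  p->prev + offsetof(next) */
}

/* Safe unlink modelled on modern glibc's "corrupted double-linked list"
 * check: both neighbours must point back at p before anything is written.
 * Returns 1 on success, 0 if the list looks forged. */
static int safe_unlink_chunk(struct chunk *p)
{
    if (p->next->prev != p || p->prev->next != p)
        return 0;
    unlink_chunk(p);
    return 1;
}

/* Stand-in for the write target (a GOT or .dtors slot in the historical
 * attack).  Typed as struct chunk * only so the simulated write is
 * well-defined C rather than a type pun. */
static struct chunk *target_slot;
/* Stand-in for the attacker's buffer: constructed sample bytes, no real code. */
static _Alignas(struct chunk) unsigned char payload[64];

/* Build the header an overflow from the preceding chunk would leave behind. */
static void forge_header(struct chunk *fake)
{
    memset(payload, 0x90, sizeof payload);
    target_slot = NULL;
    /* "where": next is chosen so that &fake->next->prev == &target_slot */
    fake->size = 0;
    fake->next = (struct chunk *)((char *)&target_slot - offsetof(struct chunk, prev));
    /* "what": the value that lands there, here the payload address */
    fake->prev = (struct chunk *)payload;
}

/* Unchecked unlink on the forged header writes the payload address into
 * target_slot.  Returns 1 if it did. */
int demo_unlink_write(void)
{
    struct chunk fake;
    forge_header(&fake);
    unlink_chunk(&fake);
    return target_slot == (struct chunk *)payload;
}

/* The second assignment in unlink also stores fake.next into
 * payload + offsetof(next); classic shellcode began with a jump over those
 * bytes.  Returns 1 if that clobber is visible after the write. */
int demo_payload_clobbered(void)
{
    struct chunk *where = (struct chunk *)((char *)&target_slot - offsetof(struct chunk, prev));
    if (!demo_unlink_write())
        return 0;
    return memcmp(payload + offsetof(struct chunk, next), &where, sizeof where) == 0;
}

/* With the safe unlink, the same forged header is rejected before any write. */
int demo_safe_unlink_rejects(void)
{
    struct chunk fake;
    forge_header(&fake);
    return safe_unlink_chunk(&fake) == 0 && target_slot == NULL;
}

int main(void)
{
    printf("unchecked unlink wrote payload address to target: %d\n", demo_unlink_write());
    printf("payload clobbered by the second write: %d\n", demo_payload_clobbered());
    printf("safe unlink rejected forged header: %d\n", demo_safe_unlink_rejects());
    return 0;
}
```

The address in the forged next field is computed backwards from the target so that the prev field of the fake neighbour lands exactly on the slot to be overwritten; that is the "target address" the question asks about. The safe-unlink variant shows why this technique no longer works against current glibc: the forged neighbours do not point back at the chunk, so the check fails before the write happens.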