
33 votes | 3 answers | 8k views

How big is a canary word on Linux, typically?

A canary word is a sequence of bits placed at the boundary between a buffer (such as a stack) and control data in a program, as a way of detecting and reacting to buffer overflows. How many bits long ...
1 vote | 1 answer | 25 views

Restoring the stack frame after payload is executed

Is it possible to restore the stack frame so that the EIP returns to the place that it was at (before the overflow) after a payload has been executed? If a stack frame is overflowed and the payload ...
0 votes | 2 answers | 198 views

Why must a ret2libc attack follow the order "system(), exit(), command"?

In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address ...
2 votes | 2 answers | 79 views

Can one prevent stack overflow by storing strings in memory backwards?

Normal use: ------(buffer)------ --(ret)--- DDDDDDDDEEEEEEEEEEEE EEEE FFFF 89ABCDEF0123456789AB CDEF 0123 this is a string\0 bff5 a400 Stack overflowed: ------(buffer)------ --(...
2 votes | 3 answers | 197 views

If the stack grows downwards, how can a buffer overflow overwrite content above the variable?

I realize how a buffer overflow works but I have a problem understanding the direction in which the overflow is directed. So if the stack grows downwards, that means that the return address is above ...
0 votes | 0 answers | 87 views

Is it possible to bypass stack protector (SSP)?

Is it possible to exploit a simple stack buffer overflow vulnerability with stack smashing protector enabled? For example, this line of code is vulnerable to a stack buffer overflow, is it ...