Format String Vulnerabilities

From: Mike Gibson (micheal.gibson@gmail.com)
Date: Fri May 18 2007 - 14:22:05 EDT

Next message: Thor (Hammer of God): "Re: Sneaking a peek on Wlan in airports"
Previous message: killy: "Re: Re: Sneaking a peek on Wlan in airports"
Next in thread: andy.x.johnson@cummins.com: "Re: Format String Vulnerabilities"
Maybe reply: andy.x.johnson@cummins.com: "Re: Format String Vulnerabilities"
Reply: Pranay Kanwar: "Re: Format String Vulnerabilities"
Reply: rajat swarup: "Re: Format String Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

I have a custom application that I am using to learn a little more
about format string vulnerabilities. It is basically an echo server. I
have been able to exploit the vulnerability and write data to memory
on the server however the problem I am seeing is that I want to
overwrite EIP but every time the application runs the stack seems to
be at a different location.

Does anyone know if Red Hat 9 has any form of stack protection? If so
is there a way to disable it?

Mike

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Next message: Thor (Hammer of God): "Re: Sneaking a peek on Wlan in airports"
Previous message: killy: "Re: Re: Sneaking a peek on Wlan in airports"
Next in thread: andy.x.johnson@cummins.com: "Re: Format String Vulnerabilities"
Maybe reply: andy.x.johnson@cummins.com: "Re: Format String Vulnerabilities"
Reply: Pranay Kanwar: "Re: Format String Vulnerabilities"
Reply: rajat swarup: "Re: Format String Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:48 EDT