[PLUG] How payloads are delivered by buffer overflow exploits

Wil Cooley wcooley at nakedape.cc
Tue Sep 28 17:03:01 UTC 2004


On Tue, 2004-09-28 at 16:23 -0700, Keith Lofstrom wrote:
> On Tue, 28 Sep 2004, Paul Heinlein wrote:
> 
> > Image files are parsed and "executed" by various rendering libraries. 
> > If those libraries don't do proper bounds checking, regardless of 
> > whether the host OS is Windows or Linux, a buffer overflow could 
> > occur.
> 
> Bill Thoen <bthoen at gisnet.com> writes
> > So what do the bad guys actually do with a "buffer overflow"? How does 
> > that run a virus installer instead of just crashing?
> 
> I hope someone provides a more accurate answer,


These should be illuminating, I think:

http://www.immunix.com/pdfs/discex00.pdf
http://www.immunix.org/StackGuard/usenixsc98.pdf

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
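
Added example, not part of the original message or the linked papers: the bounds check the quoted text says rendering libraries may lack, shown on a length-prefixed comment segment. The segment layout and the names read_comment, COMMENT_CAP and the sample arrays are hypothetical, constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COMMENT_CAP 64  /* fixed destination size, as a decoder might reserve */

/* Hypothetical segment layout (constructed for this example):
 *   bytes 0-1: payload length, big-endian, taken from the file
 *   bytes 2.. : payload
 * Returns the payload length copied into out, or -1 if the segment is rejected. */
int read_comment(const uint8_t *seg, size_t seg_len, char *out, size_t out_cap)
{
    if (seg_len < 2 || out_cap == 0)
        return -1;

    size_t declared = ((size_t)seg[0] << 8) | seg[1];

    /* Check 1: the declared length must not exceed the data actually present. */
    if (declared > seg_len - 2)
        return -1;
    /* Check 2: it must fit the destination, leaving room for the terminator.
     * A decoder that omits this check lets the file decide how far memcpy
     * writes past out, over whatever is stored next to it. */
    if (declared > out_cap - 1)
        return -1;

    memcpy(out, seg + 2, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Constructed inputs: a well-formed segment, one declaring 0x0400 bytes for a
 * 64-byte buffer, and one declaring more bytes than the file contains. */
static const uint8_t good_seg[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static uint8_t big_seg[2 + 1024] = { 0x04, 0x00 };
static const uint8_t short_seg[] = { 0x00, 0x10, 'a', 'b' };
static char demo_buf[COMMENT_CAP];

int main(void)
{
    int a = read_comment(good_seg, sizeof good_seg, demo_buf, sizeof demo_buf);
    int b = read_comment(big_seg, sizeof big_seg, demo_buf, sizeof demo_buf);
    int c = read_comment(short_seg, sizeof short_seg, demo_buf, sizeof demo_buf);
    return (a == 5 && b == -1 && c == -1) ? 0 : 1;
}
```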
