Subject: Re: format-string exploit under Wndows?
From: Bluefish (11a GMX.NET)
Date: Mon Jul 17 2000 - 19:10:18 CDT
- In reply to: Slawek: "Re: format-string exploit under Wndows?"
- Reply: Bluefish: "Re: format-string exploit under Wndows?"
> On the other hand there's no need for such exploits - make is executed with
> the same privileges that the user who is invoking it and only he could
> exploit it. Why should he do it? What could he gain from this?
It obviously depends upon what the final application would be doing;
consider the fact that numerous applications receive data not only from
the user executing the application, but from other sources as well
(from environmental variables, servers, connecting clients, read files etc
etc)
>>> sprintf(errmsg, _("%s: Interrupt/Exception caugh "), prg);
>>> fprintf(stderr, errmsg);
> Well, I think this time it is not about ANSI bombs but formatting
> errors. %s %n etc. can be put in "prg" and I'm almost sure this can be
> exploited.
Hey, actually reading an email carefully before answering is cheating ;)
Agree, that can possibly be exploited as well in order to crash the
application using that trick. Or to modify return address as
described by Thomas Dullien earlier (thanks for a nice post, TD)
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
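
The two-step pattern quoted in this message, rewritten in hardened form as an added example (not code from the original post or from the program under discussion). The function names, the 256-byte buffer, the message text and the sample program name are assumptions made for illustration, and the gettext `_()` wrapper is left out.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion specifications printf() would act on if `s` were
 * passed as its format argument ("%%" is a literal percent sign). */
int count_conversions(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%')
            i++;            /* escaped percent, not a conversion */
        else
            n++;            /* %s, %x, %n, ... would be interpreted */
    }
    return n;
}

/* Step 1, bounded: prg is inserted as data by the constant format. */
int format_error(char *out, size_t outlen, const char *prg)
{
    int n = snprintf(out, outlen, "%s: Interrupt/Exception caught\n", prg);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;  /* -1: truncated */
}

/* Step 2, hardened: emit the buffer as data. The quoted code did
 * fprintf(stderr, errmsg), which re-parses errmsg as a format string. */
int report_error(FILE *fp, const char *prg)
{
    char errmsg[256];
    if (format_error(errmsg, sizeof errmsg, prg) != 0)
        return -1;
    return fputs(errmsg, fp) == EOF ? -1 : 0;
}

int main(void)
{
    const char *prg = "make%s%n";   /* constructed hostile program name */
    char errmsg[256];
    format_error(errmsg, sizeof errmsg, prg);
    printf("conversions a second printf pass would see: %d\n",
           count_conversions(errmsg));
    return report_error(stderr, prg) == 0 ? 0 : 1;
}
```

The first call is safe with respect to `prg` because its format is a constant; the directives in `prg` only become live when the finished buffer is handed to a second printf-family call as the format.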