|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andreas Ferber (aferber
techfak.uni-bielefeld.de)Date: Wed May 22 2002 - 02:31:12 CDT
On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?
The buffer overflow still works as expected (the bug is in the daemon,
not in /bin/sh), though the shellcode used in most precooked exploits
doesn't work. If the buffer is large enough so that the attacker can
place more code than just an exec("/bin/sh") into it, he can still do
all nasty things inside the bounds of the jail (e.g. uploading his own
shell and executing that one ;-)
Andreas
--
Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
---------------------------------------------------------
+49 521 1365800 - afdevcon.net - www.devcon.net
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]