RE: Buffer UNDERFLOWS: What do you know about it?

From: OUAH (supermouettebluewin.ch)
Date: Sun Jan 11 2004 - 20:30:34 CST


hi,

> I've been thinking about it for a few days, Googling, looking for
> papers, articles or whatever over the internet, but there is scant
> material about it.
> So I decided to ask what you guys know about it?

there was a famous bug in Apache in the beginning-middle of 2002 (known
as the Apache chunked vuln) discovered by ISS and successfully exploited
by GOBBLES. If it was, strictly speaking, a classical heap overflow
("overrun"), the way GOBBLES exploited it on OpenBSD systems is like a
buffer "underrun". (With the heap overflow, they could control the last
argument of a memcpy() call. And by rendering this argument negative on
OpenBSD, memcpy() copies in the backward direction.)

my 2 cents about buffer underruns..

--------
OUAH
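
The negative memcpy() length mentioned in the message above, seen from the defensive side, as an added example that is not part of the original post: a signed length is checked while it is still signed, before it is converted to the size_t that memcpy() takes. The names `as_memcpy_len` and `checked_copy` and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What memcpy() receives when a signed length is passed as its size_t
 * third argument: the value is converted modulo SIZE_MAX + 1. */
size_t as_memcpy_len(long n) { return (size_t)n; }

enum copy_status { COPY_OK = 0, COPY_NEGATIVE = -1, COPY_TOO_LONG = -2 };

/* Hypothetical wrapper: validate a signed, untrusted length against both
 * buffers while it is still signed, and only then call memcpy(). */
int checked_copy(void *dst, size_t dst_cap,
                 const void *src, size_t src_len, long n)
{
    if (n < 0)
        return COPY_NEGATIVE;      /* would turn into a huge size_t */
    if ((unsigned long)n > dst_cap || (unsigned long)n > src_len)
        return COPY_TOO_LONG;      /* would run past one of the buffers */
    memcpy(dst, src, (size_t)n);
    return COPY_OK;
}

int main(void)
{
    char src[16] = "sample input"; /* constructed sample data */
    char dst[8] = {0};
    long lens[] = { 5, 8, 9, -1 };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("n=%ld as size_t=%zu status=%d\n", lens[i],
               as_memcpy_len(lens[i]),
               checked_copy(dst, sizeof dst, src, sizeof src, lens[i]));
    return 0;
}
```
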