[Code-Crunchers] everyone seen this format string thingie on bugtraq?
Izik
xorninja at gmail.com
Sun Oct 22 05:00:45 CDT 2006
Just did.

He basically converted that format string into a heap-alike attack. Overwriting the .DTORS in order to get execution, and using the fact that the VA patch at this point does not randomize anything but the stack page and library mappings, is what makes this attack work. If the .DTORS had been randomized every time, it would've been useless.
P.S. Pinky is down to 288 bytes; a post on this matter will be issued later today.
Itzik
On 10/22/06, Gadi Evron <ge at linuxbox.org> wrote:
>
> http://www.securityfocus.com/archive/1/449129/30/0/threaded
>
--
Thank you, your honor. With God's help I'll conquer this terrible
affliction.
-- Mark 'Rentboy' Renton / Trainspotting
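The attack discussed above depends on two preconditions: a destructor table (.DTORS, or .fini_array in later toolchains) that is writable at runtime, and that table sitting at a fixed address. PIE removes the fixed address and RELRO makes the table read-only after relocation. The following is an added example, not part of the original list message: a small ELF64 header parser that reports whether a binary carries both mitigations. It assumes little-endian ELF64 input and checks only the ELF header and program headers (the `build_sample` helper constructs minimal test images; it is not a real binary).

```python
import struct

# ELF constants (from the ELF64 and GNU ABI specifications)
ET_EXEC, ET_DYN = 2, 3          # fixed-address executable vs. position-independent
PT_GNU_RELRO = 0x6474E552        # segment made read-only after relocation

def parse_elf64(data: bytes) -> dict:
    """Parse the ELF64 header and program headers of a little-endian image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff,
    # e_flags, e_ehsize, e_phentsize, e_phnum
    (e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum) = \
        struct.unpack_from("<HHIQQQIHHH", data, 16)
    phdrs = []
    for i in range(e_phnum):
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = \
            struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        phdrs.append({"type": p_type, "flags": p_flags,
                      "vaddr": p_vaddr, "memsz": p_memsz})
    return {"e_type": e_type, "phdrs": phdrs}

def check_hardening(data: bytes) -> dict:
    """Report whether the image is PIE and whether it has a RELRO segment.
    Both are needed to break the fixed-address, writable .DTORS precondition."""
    elf = parse_elf64(data)
    return {
        "pie": elf["e_type"] == ET_DYN,
        "relro": any(p["type"] == PT_GNU_RELRO for p in elf["phdrs"]),
    }

def build_sample(e_type: int, with_relro: bool) -> bytes:
    """Construct a minimal ELF64 image (header + program headers, no code)
    so the check can be exercised offline. Constructed test data only."""
    # (p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align)
    phdrs = [(1, 5, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)]  # PT_LOAD r-x
    if with_relro:
        phdrs.append((PT_GNU_RELRO, 4, 0x1000, 0x401000, 0x401000, 0x200, 0x200, 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, v1
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x401000,
                              64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return hdr + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)
```

On a real file, call `check_hardening(open(path, "rb").read())`; a result with either flag false means the destructor table may still be reachable at a predictable, writable address.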