Scribd Logo
Upload

Welcome to Scribd!

  • Stack Overruns

    Uploaded by

    suresh kumar
    5 views1 page
    A stack-based buffer overrun occurs when a buffer declared on the stack is overwritten by copying data larger than the buffer size. This overwrites the return address for the function, allowing an attacker to execute arbitrary code. An attacker can exploit such a vulnerability to run commands of their choice by overwriting the return address with an address they specify. While double-byte character sets and other factors may make exploitation more difficult, stack overruns allow an attacker to gain control of a program and should be avoided.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A stack-based buffer overrun occurs when a buffer declared on the stack is overwritten by copying data larger than the buffer size. This overwrites the return address for the function, allowing an attacker to execute arbitrary code. An attacker can exploit such a vulnerability to run commands of their choice by overwriting the return address with an address they specify. While double-byte character sets and other factors may make exploitation more difficult, stack overruns allow an attacker to gain control of a program and should be avoided.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views1 page

    Stack Overruns

    Uploaded by

    suresh kumar
    A stack-based buffer overrun occurs when a buffer declared on the stack is overwritten by copying data larger than the buffer size. This overwrites the return address for the function, allowing an attacker to execute arbitrary code. An attacker can exploit such a vulnerability to run commands of their choice by overwriting the return address with an address they specify. While double-byte character sets and other factors may make exploitation more difficult, stack overruns allow an attacker to gain control of a program and should be avoided.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Stack Overruns

    Stack Overruns A stack-based buffer overrun occurs when a buffer declared on the stack is
    overwritten by copying data larger than the buffer. Variables declared on the stack are located next
    to the return address for the function’s caller. The usual culprit is unchecked user input passed to a
    function such as strcpy, and the result is that the return address for the function gets overwritten by
    an address chosen by the attacker. In a normal attack, the attacker can get a program with a buffer
    overrun to do something he considers useful, such as binding a command shell to the port of their
    choice. The attacker often has to overcome some interesting problems, such as the fact that the user
    input isn’t completely unchecked or that only a limited number of characters will fit in the buffer. If
    you’re working with double-byte character sets, the hacker might have to work harder, but the
    problems this introduces aren’t insurmountable. If you’re the type of programmer who enjoys
    arcane puzzles—the classic definition of a hacker—exploiting a buffer overrun can be an interesting
    exercise. (If you succeed, please keep it between yourself and the software vendor and behave
    responsibly with your information until the issue is resolved.) This particular intricacy is beyond the
    scope of this book, so I’ll use a program written in C to show a simple exploit of an overrun. Let’s
    take a look at the code:

    You might also like