RE: [cobalt-users] BIND vulnerability
- Subject: RE: [cobalt-users] BIND vulnerability
- From: "Brian Collins" <bjcollins@xxxxxxxxxxxxxx>
- Date: Wed Jan 31 07:43:06 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
If you guys are talking about the critical Bind 8.2.3-Beta > Bind 8.2.3-Rel
then it deals with heap overflows. While this is a buffer overflow, it occurs
in the 'bss' or 'heap' region of process memory. It cannot be exploited in
the same way a stack overflow can be. In addition, this part of memory is
not executable, therefore any shellcode must somehow be put in the stack.
The most likely way to exploit a vulnerability like this is through
corruption of malloc() structures. If an attacker can overwrite the
beginning of a malloc()'ed block of memory and have it remain intact until
free() is called on it, arbitrary locations in memory can be overwritten
with attacker-supplied values.
An attacker may, for example, overwrite a return address on the stack with a
value pointing to shellcode somewhere in executable memory. When the
function returns, the supplied shellcode will be executed with privileges of
named (typically root).
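The post's point is that a heap overflow corrupts the allocator's bookkeeping of the *next* block rather than a return address directly. The following C program is an added illustration, not code from the post or from BIND: it models two adjacent "heap" blocks in a toy arena (a constructed layout, not any real malloc() implementation) and shows the unchecked copy that trusts a sender's declared length beside the bounded copy that rejects it. The message format (2-byte big-endian length, then payload) and the sample messages are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy arena: two adjacent "heap" blocks, each a small header (size, in_use)
 * followed by a fixed data area. This stands in for allocator bookkeeping;
 * it is NOT the layout of any real malloc() implementation.
 */
#define DATA_BYTES  16u
#define HDR_BYTES   (2u * sizeof(uint32_t))
#define BLOCK_BYTES (HDR_BYTES + DATA_BYTES)

static unsigned char arena[2 * BLOCK_BYTES];

static void set_header(size_t blk, uint32_t size, uint32_t in_use) {
    unsigned char *p = arena + blk * BLOCK_BYTES;
    memcpy(p, &size, sizeof size);
    memcpy(p + sizeof size, &in_use, sizeof in_use);
}

static void get_header(size_t blk, uint32_t *size, uint32_t *in_use) {
    const unsigned char *p = arena + blk * BLOCK_BYTES;
    memcpy(size, p, sizeof *size);
    memcpy(in_use, p + sizeof *size, sizeof *in_use);
}

/* Both blocks allocated and empty: block 0 is the copy target, block 1 its neighbour. */
void arena_reset(void) {
    memset(arena, 0, sizeof arena);
    set_header(0, DATA_BYTES, 1);
    set_header(1, DATA_BYTES, 1);
}

/* 1 if block 1's header still holds the values arena_reset() wrote, else 0. */
int neighbor_header_intact(void) {
    uint32_t size, in_use;
    get_header(1, &size, &in_use);
    return size == DATA_BYTES && in_use == 1;
}

/* Constructed message format: 2-byte big-endian declared length, then payload.
 * Returns the declared length, or -1 if the message is too short to carry one. */
static int declared_len(const unsigned char *msg, size_t msg_len) {
    if (msg_len < 2) return -1;
    return (msg[0] << 8) | msg[1];
}

/* Vulnerable pattern: trusts the sender's declared length when filling block 0.
 * The source bound is checked, the destination capacity is not, so any bytes
 * past DATA_BYTES land in block 1's header (the "malloc() structure"). */
int copy_unchecked(const unsigned char *msg, size_t msg_len) {
    int n = declared_len(msg, msg_len);
    if (n < 0 || (size_t)n > msg_len - 2) return -1;   /* guards the source only */
    memcpy(arena + HDR_BYTES, msg + 2, (size_t)n);
    return n;
}

/* Hardened pattern: also bound the copy by the destination block's capacity. */
int copy_checked(const unsigned char *msg, size_t msg_len) {
    int n = declared_len(msg, msg_len);
    if (n < 0 || (size_t)n > msg_len - 2) return -1;
    uint32_t cap, in_use;
    get_header(0, &cap, &in_use);
    if (!in_use || (uint32_t)n > cap) return -1;       /* reject oversized payload */
    memcpy(arena + HDR_BYTES, msg + 2, (size_t)n);
    return n;
}

/* Constructed samples: 24 bytes declared (16 of data + 8 that spill into the
 * neighbour's header), sized to stay inside the arena, and a 5-byte benign one. */
const unsigned char oversized_msg[] = {
    0x00, 0x18,
    'A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A'
};
const unsigned char good_msg[] = { 0x00, 0x05, 'h','e','l','l','o' };

int main(void) {
    arena_reset();
    copy_unchecked(oversized_msg, sizeof oversized_msg);
    printf("unchecked copy: neighbour header intact = %d\n", neighbor_header_intact());

    arena_reset();
    int rc = copy_checked(oversized_msg, sizeof oversized_msg);
    printf("checked copy: rc = %d, neighbour header intact = %d\n", rc, neighbor_header_intact());
    return 0;
}
```

The corrupted header is the thing the post warns about: once block 1's size and state fields hold attacker bytes, whatever the allocator does with that block on free() operates on attacker-chosen values. The defensive lesson is the second function: every copy into a heap buffer is bounded by the destination's capacity, never only by the length the peer declares.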