RE: [cobalt-users] BIND vulnerability
- Subject: RE: [cobalt-users] BIND vulnerability
- From: flash22@xxxxxxx
- Date: Thu Feb 1 14:47:09 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 31 Jan 2001, Brian Collins wrote:
> If you guys are talking about the critical Bind 8.2.3-Beta > Bind 8.2.3-Rel
> then it deals with heap overflows. While this is a buffer overflow, it occurs
> in the 'bss' or 'heap' region of process memory. It cannot be exploited in
> the same way a stack overflow can be. In addition, this part of memory is
> not executable, therefore any shellcode must somehow be put in the stack.
Umm, on x86 machines this is not true; try this small code snippet:
#include <stdio.h>
#include <stdlib.h>    /* malloc(), exit() */

int main(void)
{
    unsigned char *cp;
    int (*fn)(void);

    cp = malloc(32);
    if (cp == NULL)
        return 1;
    *cp = 0xc3;                 /* x86 'ret' opcode (near return) */
    fn = (int (*)(void))cp;     /* point a function pointer at the heap block */
    fn();                       /* faults here if the heap is not executable */
    printf("returned from code on the heap\n");
    exit(0);
}
If the heap isn't executable this should segfault, but in fact it works just fine :)
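An added example, not part of the original post, of the same check in a form that reports the answer instead of crashing when it is "no": it writes a bare return instruction into a buffer, calls it under a SIGSEGV/SIGBUS/SIGILL handler that siglongjmp()s back out, and probes three regions, a fresh malloc() page as handed out, the same kind of page after mprotect() marks it PROT_EXEC, and a static .bss array (the region the quoted message calls 'bss'). It assumes Linux or another POSIX system with mprotect() and sigaction(), on x86 (the 0xc3 'ret' byte the snippet uses) or AArch64; the probe_heap_page() and region_is_executable() names are this example's own. On a current kernel with NX enforced the plain heap page and the .bss buffer come back "not executable", the opposite of what the 2001 snippet observed, and only the mprotect()ed page runs the instruction.

```c
/* Added example (not from the original post): probe whether a buffer will
 * execute code, by writing a 'ret' into it and calling it under a fault handler.
 * Assumes Linux/POSIX on x86 or AArch64. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xc3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xc0, 0x03, 0x5f, 0xd6 }; /* ret, little-endian */
#else
#error "add the 'return' instruction encoding for this architecture"
#endif

static sigjmp_buf probe_env;

static void probe_fault(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);   /* unwind back into region_is_executable() */
}

/* Returns 1 if control can be transferred into buf and comes back normally,
 * 0 if the attempt raises SIGSEGV, SIGBUS or SIGILL. buf must have at least
 * sizeof RET_INSN writable bytes. */
int region_is_executable(void *buf)
{
    struct sigaction sa, old_segv, old_bus, old_ill;
    volatile int executed = 0;

    memcpy(buf, RET_INSN, sizeof RET_INSN);
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof RET_INSN);

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    sigaction(SIGILL, &sa, &old_ill);

    if (sigsetjmp(probe_env, 1) == 0) {     /* saves the signal mask too */
        void (*fn)(void) = (void (*)(void))buf;
        fn();                               /* faults here if the page is not executable */
        executed = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return executed;
}

/* Take one page from malloc(), optionally mark it RWX with mprotect(), probe it,
 * restore it and free it. Returns 1 or 0, or -1 if the allocation or the
 * protection change is refused. */
int probe_heap_page(int make_executable)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page;
    int executable;

    if (posix_memalign(&page, pagesz, pagesz) != 0)
        return -1;
    if (make_executable &&
        mprotect(page, pagesz, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        free(page);
        return -1;
    }
    executable = region_is_executable(page);
    if (make_executable)
        mprotect(page, pagesz, PROT_READ | PROT_WRITE);  /* hand it back non-executable */
    free(page);
    return executable;
}

static unsigned char bss_buf[16];   /* zero-initialised static data: the 'bss' region */

int main(void)
{
    printf("heap page as malloc() hands it out : %s\n",
           probe_heap_page(0) == 1 ? "executable" : "not executable");
    printf("heap page after mprotect(PROT_EXEC): %s\n",
           probe_heap_page(1) == 1 ? "executable" : "not executable");
    printf(".bss buffer                        : %s\n",
           region_is_executable(bss_buf) == 1 ? "executable" : "not executable");
    return 0;
}
```

Build with plain `cc probe.c -o probe` and run it on the box you are assessing; the difference between the first two lines is the whole NX story, and a "-1" from probe_heap_page(1) means a policy layer (SELinux execmem/execheap, a seccomp filter) is refusing executable heap pages outright, which is itself worth knowing.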