Published 2016-03-15 in Shanxi
Principles of Buffer Overflow Vulnerability Attacks
[This was an ascii file in Phrack, Volume Seven, Issue Forty-Nine, November 08, 1996.
Converted to HTML, and minor corrections made by pmateti@.]
.oO Phrack 49 Oo.
Volume Seven, Issue Forty-Nine File 14 of 16
BugTraq, r00t, and Underground.Org
bring you
Smashing The Stack For Fun And Profit
Aleph One
aleph1@
`smash the stack` [C programming] n. On many C implementations it is possible to corrupt the
execution stack by writing past the end of an array declared auto in a routine. Code that does this is
said to smash the stack, and can cause return from the routine to jump to a random address. This
can produce some of the most insidious data-dependent bugs known to mankind. Variants include
trash the stack, scribble the stack, mangle the stack; the term mung the stack is not used, as this is
never done intentionally. See spam; see also alias bug, fandango on core, memory leak, precedence
lossage, overrun screw.
Introduction
Over the last few months there has been a large increase of buffer overflow vulnerabilities being
both discovered and exploited. Examples of these are syslog, splitvt, sendmail 8.7.5,
Linux/FreeBSD mount, Xt library, at, etc. This paper attempts to explain what buffer overflows are,
and how their exploits work. Basic knowledge of assembly is required. An understanding of virtual
memory concepts, and experience with gdb are very helpful but not necessary. We also assume we
are working with an Intel x86 CPU, and that the operating system is Linux. Some basic definitions
before we begin: A buffer is simply a contiguous block of computer memory that holds multiple
instances of the same data type. C programmers normally associate with the word buffer arrays.
Most commonly, character arrays. Arrays, like all variables in C, can be declared either static or
dynamic. Static variables are allocated at load time on the data segment. Dynamic variables are
allocated at run time on the stack. To overflow is to flow, or fill over the top, brims, or bounds. We
will concern ourselves only with the overflow of dynamic buffers, otherwise known as stack-b
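The overflow of an array declared auto that the glossary entry and the Introduction describe, as an added example that is not part of Aleph One's paper: a routine that copies into a fixed-size stack buffer with no bound, beside a hardened version that checks the length first and refuses input that does not fit. The names copy_unchecked, copy_checked, copy_checked_stack and BUF_LEN are mine, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUF_LEN 16   /* size of the auto array in both routines */

/* Vulnerable: buf is an auto (stack) array of 16 bytes, but strcpy copies
 * until it finds the NUL in src. Any src of 16 or more characters writes
 * past the end of buf, over whatever the compiler placed above it in the
 * frame (saved registers, saved frame pointer, return address): the
 * "smash the stack" of the glossary entry. */
void copy_unchecked(const char *src)
{
    char buf[BUF_LEN];
    strcpy(buf, src);            /* no bound on the copy */
    printf("copied: %s\n", buf);
}

/* Hardened: compare the input length with the destination size before
 * copying and refuse anything that does not fit together with its NUL.
 * Returns 0 on success, -1 if the copy would have overflowed dst. */
int copy_checked(const char *src, char *dst, size_t dst_len)
{
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len)
        return -1;               /* reject instead of overflowing */
    memcpy(dst, src, n + 1);     /* n + 1 copies the terminator too */
    return 0;
}

/* Same stack buffer as copy_unchecked, but guarded by copy_checked. */
int copy_checked_stack(const char *src)
{
    char buf[BUF_LEN];
    int rc = copy_checked(src, buf, sizeof buf);
    if (rc == 0)
        printf("copied: %s\n", buf);
    else
        fprintf(stderr, "rejected %zu-byte input (limit %zu)\n",
                strlen(src), sizeof buf - 1);
    return rc;
}

int main(void)
{
    /* Constructed inputs: 15 characters fit, 16 do not (no room for NUL). */
    copy_unchecked("0123456789abcde");       /* fine: 16 bytes incl. NUL */
    copy_checked_stack("0123456789abcde");   /* rc == 0 */
    copy_checked_stack("0123456789abcdef");  /* rc == -1, buf untouched */
    /* copy_unchecked of the 16-char input is deliberately not called: the NUL would land past buf. */
    return 0;
}
```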