[转载]Explanation of a remote buffer overflow vulnerability
文章作者:Denis Maggiorotto信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])
[b]Introduction[/b]
Many times you heard about the “Buffer overflow vulnerability” in a specific software, may be you also
download a script or program to exploit it, but now, you’ll learn what a buffer overflow is, and what happens
when it occures, including the risks for the corrupted system.
The trip to this vulnerability starts from theory and terminates with a laboratory experience that showes an
exploitation of this vulnerability, in action.
This document is a “proof of concept” and its purpose is to take the reader from theory to practice in this
vulnerability. Of course the author is not responsible for the potential “bad use” that someone can do with it.
Because of the existence of many different computer architectures, the content of this document will regard
the only Intel x86 architecture and the operating system Linux.
More in depth, the experiment will regard an exploitation of a server process, running on an OpenSuSE 10.2
OS, kernel 2.6.18, compiled with gcc version 4.1.2.
Let’s start with a bit of theory.
页:
[1]