nullcon 2011 - buffer underrun exploits
Post on 18-May-2015
1.045 Views
Preview:
DESCRIPTION
TRANSCRIPT
By Saurabh Sharma & Chinmaya Kamal(SETLabs, Infosys)
http://null.co.in/ http://nullcon.net/Saurabh & Chinmaya
● Buffer overflow attacks
● Cookie prevention
● Buffer Under Run Attacks
Saurabh & Chinmaya
•In some languages like C, boundchecking mechanisms are notimplemented. When the input data whichis used to fill the buffer is greater thanthe size of the allocated buffer, othervalues in the stack get overwritten. If theattacker designs this input carefully, hecan overwrite the return address with theaddress of his will. This address maypoint to some custom code, can be amalicious shell code. These attacks areknown as buffer overflow attacks.
•Buffer overflow attacks are caused when the buffers such as arraysare filled without the proper bound checking.
Saurabh & Chinmaya
Saurabh & Chinmaya
Saurabh & Chinmaya
Saurabh & Chinmaya
Saurabh & Chinmaya
Saurabh & Chinmaya
Saurabh & Chinmaya
•PHP5 Space Trimming Buffer Under Flow (Header(), MacOSX)
Saurabh & Chinmaya
Thank You
Saurabh & Chinmaya
top related