Buffer Overflows
Another common way to exploit a remote service or local application is
through a technique known as a 'buffer overflow'. A buffer overflow is
an attack in which an attacker exploits an unchecked buffer in an
application and overwrites the program code with other selected code.
If the program code in memory is overwritten with new executable
code, the effect is to change the program’s operation as dictated by the
attacker.
There are two ways in which buffer overflows are usually exploited:
• Loading code into another memory location and pointing the
overflow to that location.
• Running an application such as /bin/sh (to give a user an interactive
shell on UNIX systems) or rdisk /s- (this runs rdisk in
unattended mode and leaves an attacker a copy of the Windows NT
SAM file in \winnt\repair).
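The unchecked buffer described above, next to the bounds check that closes it, as an added example (not code from the original post). The frame layout, function names and sample saved value are constructed for illustration; one byte array models the buffer and the saved control value beside it, so the overflow stays in defined memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16                               /* the application's input buffer */
static const uint64_t SAVED_RET = 0x401136ULL;    /* constructed sample value */

/* Constructed model of a stack frame: the buffer, then a saved control value
 * (standing in for a return address). One array keeps the overflow defined. */
typedef struct { unsigned char mem[BUF_SIZE + sizeof(uint64_t)]; } frame_t;

static void frame_init(frame_t *f) {
    memset(f->mem, 0, BUF_SIZE);
    memcpy(f->mem + BUF_SIZE, &SAVED_RET, sizeof SAVED_RET);
}

/* Returns 1 if the saved control value is unchanged, 0 if overwritten. */
static int ret_intact(const frame_t *f) {
    return memcmp(f->mem + BUF_SIZE, &SAVED_RET, sizeof SAVED_RET) == 0;
}

/* Unchecked copy: no test against BUF_SIZE (the clamp only bounds the model). */
static void copy_unchecked(frame_t *f, const unsigned char *in, size_t n) {
    if (n > sizeof f->mem) n = sizeof f->mem;
    memcpy(f->mem, in, n);
}

/* Hardened copy: refuses input that does not fit in the buffer. */
static int copy_checked(frame_t *f, const unsigned char *in, size_t n) {
    if (n > BUF_SIZE) return -1;
    memcpy(f->mem, in, n);
    return 0;
}

/* Feed the same oversized (constructed) input to one of the copy routines. */
static int survives(int checked) {
    unsigned char input[BUF_SIZE + 8];
    frame_t f;
    memset(input, 'A', sizeof input);
    frame_init(&f);
    if (checked) (void)copy_checked(&f, input, sizeof input);
    else copy_unchecked(&f, input, sizeof input);
    return ret_intact(&f);
}

int main(void) {
    printf("saved value intact: unchecked=%d checked=%d\n", survives(0), survives(1));
    return 0;
}
```

The same 24-byte input replaces the saved value through the unchecked copy and is rejected outright by the checked one.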