
Buffer overflows, return address and offset

From: Peter Bondra <kandm(at)cybermesa.com>
Date: Wed Mar 05 2003 - 09:58:47 EST

Hello:
I am testing the xlock vulnerability on a Sun Solaris 8 (SPARC). In the process, I realized that I need help to determine the return addresses and offset. The code I scarfed off of the web worked as advertised on Solaris 7 (SPARC), but when I compiled/tested it on Solaris 8 (SPARC), it segfaults. Also, I do not get a core file... well, I may have at one time or another.

The exploit code is at: http://www.securiteam.com/exploits/5GP0D1F55W.html

For testing purposes, we have stack execution enabled even though I believe the exploit is a heap-based buffer overflow.

My question is: what steps should/could I take to determine the return address and other address-related variables, i.e., offsets, etc.? More specifically, what gdb commands will help, and how do I interpret the gdb output? Is "truss" useful to get the desired information, and how do you use it? Finally, are there other tools that are useful? My fellow employees are suggesting that I use a loop and guess at the values until I get the desired result...

Thank you

Received on Wed Mar 5 12:26:14 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

