Category:Defeating Protection
From SecurityForest
- Description: Most buffer overflow exploits for Windows have relied on getting code on the stack and somehow jumping process execution to there, but as more products arrive in the market to prevent such attacks from succeeding, the non-stack-based overflow exploit will become more and more common. This document will describe what they are and how to write one.
- Author: David Litchfield
- Download: non-stack-bo-windows.pdf (http://www.securityforest.com/downloads/educationtree/non-stack-bo-windows.pdf)
- Description: This paper presents several methods of bypassing the protection mechanism built into Microsoft’s Windows 2003 Server that attempts to prevent the exploitation of stack-based buffer overflows. Recommendations about how to thwart these attacks are made where appropriate.
- Author: David Litchfield
- Download: defeating-w2k3-stack-protection.pdf (http://www.securityforest.com/downloads/educationtree/defeating-w2k3-stack-protection.pdf)
- Description: This article is an attempt to demonstrate that it is possible to exploit stack overflow vulnerabilities on systems secured by StackGuard or StackShield even in hostile environments (such as when the stack is non-executable).
- Author: Bulba and Kil3r - HERT
- Download: p56-0x05.txt (http://www.securityforest.com/downloads/educationtree/p56-0x05.txt)
- Description: I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described previously on this list. Specifically, I have had success in adapting the return into libc methods introduced by Solar Designer and Nergal to Solaris/SPARC.
- Author: John McDonald
- Download: sol-ne-stack.html (http://www.securityforest.com/downloads/educationtree/sol-ne-stack.html)
