Date: Thu, 13 Feb 1997 14:26:40 -0700 (MST) From: Charles Mott <cmott@srv.net> To: freebsd-chat@freebsd.org Subject: Trying to understand stack overflow Message-ID: <Pine.BSF.3.91.970213141410.6299A-100000@darkstar>
next in thread | raw e-mail | index | archive | help
The traffic on -hackers suggests that there is a *major* concern about stack overflow. I asked around about this and was told that this was the method of exploitation used by the famous internet Worm eight or nine years ago. I stopped by the bookstore to see if I could get a reference on 386 assembly language so I could understand this business of stack pointers and frames a little better, but couldn't find one. There were books about the Alpha and PowerPC, but not on 386, 486 or Pentium machine language. Are there any decent on-line references that I can look at? I was not aware of this method of security attack. At least as far as the setlocale() vulnerability in 2.1.6 and earlier, the attacker has to be logged into your system. Are there any means of attack which can bust directly into your system from the internet without first logging in with a password? I am told the the Worm exploited finger and possibly sendmail to bust in. When I saw one person posting that he was having trouble sleeping at night because of this problem, I began to be curious. Charles Mott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970213141410.6299A-100000>