Stack Based Overflows: Detect & Exploit

Abstract
Buffer overflows remain some of the most serious and widespread vulnerabilities that exist, often giving an attacker complete control over the compromised system. In-depth knowledge of how these vulnerabilities and exploits work is therefore of utmost importance to penetration testers and incident handlers. This report provides the reader with a basic understanding of how stack-based overflows work in practice. It describes the most accurate way of detecting stack-based overflows and then shows how to exploit a sample vulnerable program on the Linux platform. Notably, the report locates a number of stack overflow vulnerabilities in the latest version of Microsoft Windows XP SP2. While these are low-risk vulnerabilities by themselves, finding them calls into question the quality of the code provided to us today. When even the most widespread OS in the world suffers from stack overflows, chances are that exhaustive penetration testing of many other products will show the same type of vulnerabilities.