Buffer-Overflow Exploit Walk-Through

This walk-through is based on the demonstration I gave at Case Western Reserve University on October 6, 2010. Actually, I shouldn’t take all of the credit for it: we implemented these exploits as a large group. Go team!

The README provides a lot of information on the basic theory. I have placed the documentation for the exploits directly inside of the exploit code. I have a feeling that I will need to flesh out some of the exploit details a little further, but I wanted to release this sooner rather than later. Please let me know if there are any gaps, and I will fill in the details as I find time.

Download the Walk-Through Here

Thanks again to all the students at Case Western!

2 thoughts on “Buffer-Overflow Exploit Walk-Through”

  1. Brian,

    You may remember me from the Secure Coding training you did here at SWIFT Manassas last week, which is what I have a comment about.

    You had recommended use of mkstemp() instead of the two-step tmpnam() followed by fopen(), so I looked into following your advice.

    What I found is that mkstemp() is a deprecated function, and that tmpnam() is actually the better approach.

    Just FYI.
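
The two approaches named in the comment above, tmpnam() followed by fopen() versus mkstemp(), differ in whether the name is chosen and the file is created in a single step. The following is an added example (not part of the original post or comment) showing that difference; the scratch directory and file names are constructed, and a fixed name stands in for the one tmpnam() would return.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Two-step pattern: a name is chosen first, the file is opened later.
 * Anything created under that name in between is opened and truncated.
 * Returns 1 if fopen() succeeded on a file this function did not create. */
int two_step_opens_preexisting(const char *name)
{
    /* Constructed stand-in for another process creating the name first. */
    int other = open(name, O_CREAT | O_EXCL | O_WRONLY, 0644);
    if (other < 0) return -1;
    close(other);
    FILE *fp = fopen(name, "w");      /* no O_EXCL: succeeds anyway */
    if (!fp) return 0;
    fclose(fp);
    return 1;
}

/* mkstemp() picks the name and creates the file in one step with
 * O_CREAT|O_EXCL, so it never opens a file that already exists.
 * Returns the permission bits of the new file, or -1 on error. */
int mkstemp_mode(char *tmpl)
{
    struct stat st;
    int fd = mkstemp(tmpl);           /* tmpl is rewritten in place */
    if (fd < 0) return -1;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(tmpl);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";          /* private scratch dir */
    char name[64], tmpl[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(name, sizeof name, "%s/predictable", dir);
    snprintf(tmpl, sizeof tmpl, "%s/safe.XXXXXX", dir);
    printf("two-step opened existing file: %d\n", two_step_opens_preexisting(name));
    printf("mkstemp file mode: %o\n", (unsigned)mkstemp_mode(tmpl));
    unlink(name);
    rmdir(dir);
    return 0;
}
```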


