Stack smashing/buffer overflow research

Posted: 05-15-2007, 07:23 AM
Hi, let me start by apologising if these are the wrong groups to post
these kinds of messages to (I've cross-posted), but after searching the
web and not finding any good material I thought there might be someone
here who knows.

I'm a student and I'm currently working on a small project dealing
with stack smashing/buffer overflows and protection mechanisms in
modern OSes; the idea is to make a survey of the different techniques
that can be used to protect an application against these kinds of
attacks. On the Windows side I have identified three mechanisms that
I'm focusing on: the /GS flag in Visual Studio 2005, ASLR (Address
Space Layout Randomization) and DEP (Data Execution Prevention).

Since I'm not a security expert I can't see any way that I might be
able to circumvent any of those (even less so all of them together),
but I know there are people working with these kinds of things
(whatever their intentions are), so what I'm asking is whether there are
any known and published stack smashing/buffer overflow attacks that
can successfully circumvent the techniques mentioned above (either
just one of them or a combination).

Any information will be greatly appreciated.

PS: Mind the cross-posting when replying

--
Erik Wikström
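Two of the three mechanisms listed above, ASLR and DEP, are opted into per binary through the DllCharacteristics field of the PE optional header (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, 0x0040, and IMAGE_DLLCHARACTERISTICS_NX_COMPAT, 0x0100), so the first thing a surveyor can check is whether a given image actually asks for them. /GS leaves no header flag and cannot be checked this way. The following C routine is an added example, not code from this thread; the bounds-checked parser and the minimal PE image it parses (built in memory by `build_sample_pe`) are constructed here, and the helper names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DllCharacteristics bits of the PE optional header (names as in winnt.h). */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040  /* image may be relocated: ASLR opt-in */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT    0x0100  /* image is DEP-compatible: DEP opt-in  */

#define DOS_E_LFANEW         0x3C  /* offset of the PE header pointer in the DOS header */
#define COFF_HEADER_SIZE     20
#define COFF_OPT_SIZE_OFFSET 16    /* SizeOfOptionalHeader inside the COFF header */
#define OPT_DLLCHARS_OFFSET  70    /* DllCharacteristics; identical for PE32 and PE32+ */

struct mitigations { int valid; int aslr; int dep; };

/* Little-endian field accessors, so the parser is host-endian independent. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Parses an in-memory PE image and reports its ASLR/DEP opt-in bits.
 * Every offset is checked against len before it is dereferenced, so a
 * truncated or non-PE buffer yields valid == 0 instead of an out-of-bounds read. */
struct mitigations pe_mitigations(const uint8_t *img, size_t len) {
    struct mitigations m = { 0, 0, 0 };
    if (len < DOS_E_LFANEW + 4 || img[0] != 'M' || img[1] != 'Z') return m;
    uint32_t pe = rd32(img + DOS_E_LFANEW);
    if (pe > len - 4 || memcmp(img + pe, "PE\0\0", 4) != 0) return m;
    size_t coff = (size_t)pe + 4;
    if (coff + COFF_HEADER_SIZE > len) return m;
    size_t opt = coff + COFF_HEADER_SIZE;
    uint16_t opt_size = rd16(img + coff + COFF_OPT_SIZE_OFFSET);
    if (opt_size < OPT_DLLCHARS_OFFSET + 2 || opt + opt_size > len) return m;
    uint16_t magic = rd16(img + opt);
    if (magic != 0x10B && magic != 0x20B) return m;        /* PE32 or PE32+ only */
    uint16_t dllchars = rd16(img + opt + OPT_DLLCHARS_OFFSET);
    m.valid = 1;
    m.aslr = (dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) != 0;
    m.dep  = (dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) != 0;
    return m;
}

/* Constructed sample image: the smallest layout the parser needs (DOS stub,
 * "PE\0\0", COFF header, PE32 optional header) with the requested
 * DllCharacteristics. Returns the number of bytes written. */
#define SAMPLE_PE_OFFSET 0x40
#define SAMPLE_OPT_SIZE  224   /* size of a full PE32 optional header */
#define SAMPLE_SIZE (SAMPLE_PE_OFFSET + 4 + COFF_HEADER_SIZE + SAMPLE_OPT_SIZE)

size_t build_sample_pe(uint8_t *out, uint16_t dllchars) {
    memset(out, 0, SAMPLE_SIZE);
    out[0] = 'M'; out[1] = 'Z';
    wr32(out + DOS_E_LFANEW, SAMPLE_PE_OFFSET);
    memcpy(out + SAMPLE_PE_OFFSET, "PE\0\0", 4);
    size_t coff = SAMPLE_PE_OFFSET + 4;
    wr16(out + coff + COFF_OPT_SIZE_OFFSET, SAMPLE_OPT_SIZE);
    size_t opt = coff + COFF_HEADER_SIZE;
    wr16(out + opt, 0x10B);                           /* PE32 magic */
    wr16(out + opt + OPT_DLLCHARS_OFFSET, dllchars);
    return SAMPLE_SIZE;
}

/* Builds a sample with the given flags, optionally truncated to `len` bytes
 * (0 = whole image), and parses it. */
struct mitigations check_sample(uint16_t dllchars, size_t len) {
    uint8_t img[SAMPLE_SIZE];
    size_t n = build_sample_pe(img, dllchars);
    if (len != 0 && len < n) n = len;
    return pe_mitigations(img, n);
}

int main(void) {
    uint16_t cases[] = { 0x0000, 0x0040, 0x0100, 0x0140 };
    for (size_t i = 0; i < 4; i++) {
        struct mitigations m = check_sample(cases[i], 0);
        printf("DllCharacteristics 0x%04X: ASLR=%d DEP=%d\n", cases[i], m.aslr, m.dep);
    }
    struct mitigations t = check_sample(0x0140, 100);
    printf("truncated image: valid=%d\n", t.valid);
    return 0;
}
```

On a real file the caller would read the whole image into memory and hand it to `pe_mitigations`; the same bounds checks apply. Note that a set flag only records the opt-in: whether the loader honours it also depends on the system-wide DEP policy and the OS version.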


Responses to "Stack smashing/buffer overflow research"

Michal Bucko
Re: Stack smashing/buffer overflow research
Posted: 05-15-2007, 08:10 AM
>I'm focusing on, the /GS flag in Visual Studio 2005, ASLR (Address
>Space Layout Randomization) and DEP (Data Execution Prevention).
>Since I'm not a security expert I can't see any way that I might be
>able to circumvent any of those (even less so all of them together)
>but I know there are people working with these kinds of things
>(whatever their intentions are) so what I'm asking is, if there are
>any known and published stack smashing/buffer overflow attacks that
>can successfully circumvent the techniques mentioned above (either
>just one of them or a combination).

1. /GS stackguard protection places a canary before the frame pointer/stack
pointer. A change in the canary value results in a security error.
The issue: /GS protects arrays ONLY; you can also exploit BOs that are not
on the stack.

2. ASLR - changes the mapping of DLLs, stack, heap (randomness).
A technique to prevent attacks based on hardcoded addresses. How do we pass ASLR?
We take advantage of so-called heap spraying (suggested reading!).

3. ASLR and DEP bypassing - usage of heap spraying; the exploit jumps to
existing DEP-disabling code, and the payload is executed.

If you have any doubts, please feel free to contact me at:
sapheal<at>hack<dot>pl.


Hope I helped,


Michal Bucko

sapheal.hack.pl
HACKPL Security Labs

Michal Bucko
Re: Stack smashing/buffer overflow research
Posted: 05-15-2007, 08:22 AM
By the way, I assumed that you already know what the SEH overwrite technique is ;-)


mb

Michal Bucko
Re: Stack smashing/buffer overflow research
Posted: 05-25-2007, 10:34 PM
By the way, lately I posted a short article about the exploitation
techniques under Windows. You might be interested:
http://sapheal.hack.pl/arts/Introduc...ploitation.pdf

The article isn't, however, even giving an overall view on the subject -
it is more like a bunch of thoughts and notes made in a rush ;-)

Hope I could help,

Michal
