%0 Journal Article %1 aleph:96 %A Aleph One, %D 1996 %J Phrack %K attack code-injection %N 49 %T Smashing The Stack For Fun And Profit %U http://www.phrack.com/issues.html?issue=49&id=14 %V 7 %X Over the last few months there has been a large increase of buffer\newlineoverflow vulnerabilities being both discovered and exploited. Examples\newlineof these are syslog, splitvt, sendmail 8.7.5, Linux/FreeBSD mount, Xt \newlinelibrary, at, etc. This paper attempts to explain what buffer overflows \newlineare, and how their exploits work.\parBasic knowledge of assembly is required. An understanding of virtual \newlinememory concepts, and experience with gdb are very helpful but not necessary.\newlineWe also assume we are working with an Intel x86 CPU, and that the operating \newlinesystem is Linux.\parSome basic definitions before we begin: A buffer is simply a contiguous \newlineblock of computer memory that holds multiple instances of the same data \newlinetype. C programmers normally associate with the word buffer arrays. Most \newlinecommonly, character arrays. Arrays, like all variables in C, can be \newlinedeclared either static or dynamic. Static variables are allocated at load \newlinetime on the data segment. Dynamic variables are allocated at run time on \newlinethe stack. To overflow is to flow, or fill over the top, brims, or bounds. \newlineWe will concern ourselves only with the overflow of dynamic buffers, otherwise\newlineknown as stack-based buffer overflows.

@article{aleph:96, abstract = {Over the last few months there has been a large increase of buffer{\newline}overflow vulnerabilities being both discovered and exploited. Examples{\newline}of these are syslog, splitvt, sendmail 8.7.5, Linux/FreeBSD mount, Xt {\newline}library, at, etc. This paper attempts to explain what buffer overflows {\newline}are, and how their exploits work.{\par}Basic knowledge of assembly is required. An understanding of virtual {\newline}memory concepts, and experience with gdb are very helpful but not necessary.{\newline}We also assume we are working with an Intel x86 CPU, and that the operating {\newline}system is Linux.{\par}Some basic definitions before we begin: A buffer is simply a contiguous {\newline}block of computer memory that holds multiple instances of the same data {\newline}type. C programmers normally associate with the word buffer arrays. Most {\newline}commonly, character arrays. Arrays, like all variables in C, can be {\newline}declared either static or dynamic. Static variables are allocated at load {\newline}time on the data segment. Dynamic variables are allocated at run time on {\newline}the stack. To overflow is to flow, or fill over the top, brims, or bounds. {\newline}We will concern ourselves only with the overflow of dynamic buffers, otherwise{\newline}known as stack-based buffer overflows.}, added-at = {2021-09-19T18:40:37.000+0200}, author = {{Aleph One}}, biburl = {https://www.bibsonomy.org/bibtex/2ab3fe2fc7bbb9a9adc414df8b674ac53/steschum}, interhash = {21117a91924854c887f46980360498e8}, intrahash = {ab3fe2fc7bbb9a9adc414df8b674ac53}, journal = {Phrack}, keywords = {attack code-injection}, month = {November}, number = 49, timestamp = {2021-09-19T18:41:56.000+0200}, title = {Smashing The Stack For Fun And Profit}, url = {http://www.phrack.com/issues.html?issue=49&id=14}, urldate = {2006-12-03}, volume = 7, year = 1996 }