Home > mailing lists

Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in - Mailing list pgsql-hackers

From	Florian Weimer
Subject	Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
Date	August 22, 2002 10:30:19
Msg-id	87wuqjuo50.fsf@CERT.Uni-Stuttgart.DE Whole thread Raw
In response to	Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in (Gavin Sherry <swm@linuxworld.com.au>)
List	pgsql-hackers

Tree view

Gavin Sherry <swm@linuxworld.com.au> writes:

> It would be perhaps one of the most impressive hacks ever if someone
> could dream machine code to put in the overrun which consisted
> entirely of printable characters.

At least for the x86 architecture, working ASCII-only shell code
exists (even shell code which consists just of letters!).  See for
example:

http://cert.uni-stuttgart.de/archive/vuln-dev/2000/10/msg00200.html

ASCII-only shellcode for RISC platforms is even harder and might be
impossible.

-- 
Florian Weimer                       Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

pgsql-hackers by date:

From: Teodor Sigaev
Date: 22 August 2002, 09:30:42
Subject: Please, apply patch

From: Tom Lane
Date: 22 August 2002, 12:43:13
Subject: Re: Release of v7.2.2 (Was: Re: @(#)Mordred Labs ad...)

Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in - Mailing list pgsql-hackers

Previous

Next