[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <NHBBILBHFGGDKDNJKCHGEEBFCEAA.exurity@rogers.com>
Date: Fri, 11 Apr 2003 20:20:04 -0400
From: "Exurity Inc." <exurity@...ers.com>
To: <bugtraq@...urityfocus.com>
Subject: Protection against buffer overflows: when your anchor is washed away, then you are overflowed and refuse to RET
Hi, Everyone on this list:
Please find http://members.rogers.com/exurity/pdf/AntiOverflows.pdf a
research paper on an anchoring mechanism to protect against overflow
exploitation. The concept presented is to utilize the address (and/or a
system-wide random number) of a structure or memory block to detect whether
the memory block above the anchor in memory address has been overflowed. If
it detects it has been overflowed, then protective steps such as generating
a single-step exception on x86 can be taken.
This article explains in depth the protection mechanisms for the following
exploitations of overflowing:
・ Against Off-By-One Exploitation Of Overflowed Stack
・ Against Exploitation of Heap Overflow and Memory Trampling
・ Against Exploitation of Overflowed Structured Exception Handling (SEH)
Frame Like Code Red
・ Against Brute Force Exploitation of RET in WebDAV Exploit Scheme.
・ Application of Anti-Overflow Concepts in Daily Programming
Peter Huang
http://members.rogers.com/exurity/
Powered by blists - more mailing lists