Subject: Re: Code-red worm (snicker snicker...)
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Michael Kukat <michael@unixiron.org>
List: netbsd-users
Date: 08/02/2001 20:32:36
Hi !

On Thu, 2 Aug 2001, Hubert Feyrer wrote:
> Um, I'm afraid one of us two doesn't understand how a buffer overflow
> works... We're not talking about overwriting executable files here after
> all, right?

Depends on the nature of the overflow, how it handles it. Maybe some only can
run binary code, as bytes of the running binary are replaced, and others might
be able to execute a completely new program, like one of those shell scripts.
Remember this statd (or was it lockd)-bug in Linux? I have seen it from the
inside, as i got such a hacked disk into my hands to analyze it. This was exact
the thing i mentioned, a little bunch of shell commands, opening a root shell
on some port >1024.

...Michael

-- 
visit http://www.bsdfans.org/   Home network powered by: NetBSD OpenBSD FreeBSD
Solaris HP-UX IRIX AIX MUNIX Tru64 Ultrix VMS SINIX Dolphin_Unix OpenStep MacOS