security - Understanding the causes of the stack overflow attack -


go deeper causes of vulnerability, such stack buffer overflow, have number of questions, find difficult answer:

  1. maybe stupid question, still, why in os, such windows, buffer recording on stack occurs in direction recorded information: http://s27.postimg.org/udizo3itf/stack_overflow_2.png , not that: http://s18.postimg.org/q6kje5up5/stack_overflow_22.png then, if allocated memory not enough contain buffer, program crashes (an attempt appeal unallocated memory) , return address function not overwrites.

  2. does stack overflow attack make sense when target program has high permissions in system? how vulnerability helps attacker, example, create backdoor? if stack overflow attack needs inject shellcode, means attacker gets system control , can want(stack overflow attack unnecessary), or means user has needed attacker(in case, attacker can persuade user run executable file needs - stack overflow attack unnecessary).

please specify reasoning wrong.

here answers:

  1. the initial architecture might have been built without protection buffer overflow attacks. of course, newer versions upgraded protection modules against known attacks.
  2. the buffer overflow attack make sense regardless of user-permission level , 1 of different ways exploit code executed. if buffer overflow attack used , non-root access obtained, privilege-escalation move needed root access.

Comments

Popular posts from this blog

google chrome - Developer tools - How to inspect the elements which are added momentarily (by JQuery)? -

angularjs - Showing an empty as first option in select tag -

php - Cloud9 cloud IDE and CakePHP -