Velocity Reviews - Computer Hardware Reviews

buffer overflow some how executing code?

 
 
Eckstein C.
Guest
Posts: n/a
 
      12-06-2005
Ok, every so often I run across an article in a forum somewhere that
given a "buffer overflow" a hacker can execute code on the system.

This just seems like a load of bunk to me. I've been programming in
various languages, including, though not limited to, c and cpp, and I
have never once encountered a situation where writing past the bounds
of a buffer, which is just an array of characters, to suddenly be
converted into some sort of "magical code" that can suddenly wreak
havoc.

In any programming I've done where you can write outside of the bounds
of the buffer (char array), you get UNDEFINED behavior, not some magical
power. Even the C and C++ specs state this.

Can someone please explain to me where this comes from? One example I
just read was an IE6 exploit where using a url that's too long and
contains "unusual" characters can allow a "hacker to run code on the
system." Again, these look like total bunk to me, as a URL is just text,
and writing past the bound of the buffer just isn't going to give some
REMOTE hacker the ability to suddenly jump into your system, or some put
code in there.

Can anyone please clear this up? If I'm missing something here please
let me know.
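
An added illustration, not part of the thread or of either poster's words: a small C model of how bytes copied past the end of a text buffer can change which code a program calls next, beside the bounded copy that prevents it. The struct layout, function names and input are constructed for this example, and the copy is kept inside one struct so the program stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(void);
/* Constructed layout: text buffer, then control data, as a return address follows a local buffer. */
struct frame {
    char url[16];
    handler_fn on_done;
};

static int expected_handler(void) { return 1; } /* the call the program intends */
static int other_function(void) { return 2; }   /* never meant to run from here */

/* Constructed input: filler "text", then the bytes of a code address. */
static size_t build_input(unsigned char *out) {
    handler_fn target = other_function;
    size_t off = offsetof(struct frame, on_done);
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

/* Models strcpy-style copying that ignores sizeof url. The write is kept
   inside the struct so this demo is well defined; a real overflow is not. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t len) {
    memcpy((unsigned char *)f, in, len <= sizeof *f ? len : sizeof *f);
}

/* Bounded copy: input longer than the buffer is rejected, nothing is written. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof f->url) return -1;
    memcpy(f->url, in, len);
    return 0;
}

/* Returns the value of whichever function on_done points to after the copy. */
int run_copy(int checked) {
    struct frame f = { "", expected_handler };
    unsigned char in[sizeof(struct frame)];
    size_t n = build_input(in);
    if (checked) (void)copy_checked(&f, in, n);
    else copy_unchecked(&f, in, n);
    return f.on_done();
}
int main(void) {
    printf("unchecked: %d, checked: %d\n", run_copy(0), run_copy(1));
    return 0;
}
```

With the unchecked copy the call lands in `other_function`; with the length check the oversized input is refused and `expected_handler` runs as intended.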


 
 
 
 
 
Boscoe Pertwee
Guest
Posts: n/a
 
      12-06-2005

"Eckstein C." <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> One example I
> just read was an IE6 exploit where using a url that's too long and
> contains "unusual" characters can allow a "hacker to run code on the
> system." Again, these look like total bunk to me, as a URL is just
> text, and writing past the bound of the buffer just isn't going to
> give some REMOTE hacker the ability to suddenly jump into your
> system, or some put code in there.
>
> Can anyone please clear this up? If I'm missing something here
> please let me know.


Pharming is a particularly nasty threat that uses email viruses and
security loopholes in browsers and Internet infrastructure to redirect
web users to specially created web sites where bank and credit card
details can be harvested. Pharming can operate locally, on a PC
infected by a virus, so that even though the correct web address is
entered the victim ends up on the scammer’s web site.

Alternatively it can affect whole groups of users thanks to Domain
Name System ‘Poisoning’. In this scenario the scammer hacks into a
DNS Directory and changes entries so that legitimate requests for a
bank or credit card company web page are misdirected to bogus web
sites. DNS poisoning can be hard to detect but the tell-tale signs of
a ‘spoofed’ web address in the Address bar and the Status bar at the
bottom of the page, which may contain unusual spellings or punctuation
marks.


 