About three hundred and seventy-five years before Caesar was conquering Britain, a philosopher called Socrates claimed that the only thing he knew was that he knew nothing. One thing is evident - he certainly did not know that someone would be ripping off one of his lines to introduce a talk about buffer overruns over two millennia later. However, his words and their import hold true for all of us today, especially in the IT security industry. There is just so much to learn, and the more you do, the more you realize that, in the larger picture, we really do know nothing. That's what this talk is about. Over the next hour or so I'm going to attempt to teach those with absolutely no knowledge about buffer overruns what one actually is and how to recognize one, ending with how to exploit one - using an as-of-yet-undisclosed buffer overrun vulnerability in a major database vendor's web front end. Hopefully you'll see that you don't really need to know that much to be able to get a working exploit. I assume that some in this room do know nothing and others know everything there is to know about overruns and are just here to heckle me.
So what is a buffer overrun and why should you care? A few months back the SANS Institute released a list of the 10 most commonly used methods to break into servers. Of these ten, a large number can be attributed to buffer overrun vulnerabilities....
http://www.nextgenss...erflowpaper.rtf












