When dealing with buffer overflows, there are basically three things that can happen. The first is denial of service. It is really easy to get a segmentation fault when dealing with process memory. However, it's possible that is the best thing that can happen to a software developer in this situation, because a crashed program will draw attention.
The second thing that can happen when a buffer overflows occurs is that the eip can be controlled to execute malicious code at the user level of access. This happens when the vulnerable program is running at the user level of privilege.
The third and absolutely worst thing that can happen when a buffer overflow occurs is that eip can be controlled to execute malicious code at the system or root level.
No comments:
Post a Comment