Wednesday, 3 November 1999
Function pointer attacks leading to security compromises:

Vendicator, the author of the StackShield software, has posted to BugTraq illustrating the dangers of function pointer attacks on the system. "It is simple: if a function with an overflowable buffer contains a call with a function pointer declared before the buffer, the attacker may overwrite the pointer with the address of the shellcode (or in the NOP block) without altering the RET address in the stack. Even if the RET is altered the shellcode is executed before the function epilog causing StackGuard and the old Stack Shield not to detect it."
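The ordering problem described in the post can be seen in a small model. This is an added example, not code from the BugTraq post or from Stack Shield. The frame is simulated as a struct, and `other()`, the canary value and the pre-call pointer check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simulated frame, lowest address first; an overflow of buf runs upward. */
struct frame {
    char buf[16];
    void (*handler)(void); /* declared before buf, so it sits just above it */
    uintptr_t canary;      /* guard word placed in front of RET */
    uintptr_t ret;
};
#define CANARY ((uintptr_t)0x000aff0dUL) /* constructed value for this model */
enum { CANARY_TRIPPED = 1, POINTER_REJECTED = 2 };

int hits_intended, hits_other;
void intended(void) { hits_intended++; }
void other(void) { hits_other++; } /* harmless stand-in for a substituted target */

/* Constructed input: filler, then a replacement pointer; optionally on through RET. */
size_t make_input(unsigned char *out, int through_ret) {
    void (*p)(void) = other;
    size_t off = offsetof(struct frame, handler);
    memset(out, 'A', sizeof(struct frame));
    memcpy(out + off, &p, sizeof p);
    return through_ret ? sizeof(struct frame) : off + sizeof p;
}
/* Models the vulnerable function: unchecked copy, indirect call, then epilog. */
int run(const unsigned char *in, size_t n, int verify_pointer) {
    struct frame f = { {0}, intended, CANARY, 0 };
    int flags = 0;
    memcpy(&f, in, n < sizeof f ? n : sizeof f); /* the unbounded copy */
    if (verify_pointer && f.handler != intended)
        flags |= POINTER_REJECTED;               /* hypothetical pre-call check */
    else
        f.handler();                             /* executes before the epilog */
    if (f.canary != CANARY)
        flags |= CANARY_TRIPPED;                 /* epilog check, after the call */
    return flags;
}
int main(void) {
    unsigned char in[sizeof(struct frame)];
    int a = run(in, make_input(in, 0), 0);
    int b = run(in, make_input(in, 1), 0);
    int c = run(in, make_input(in, 1), 1);
    printf("pointer-only=%d through-RET=%d checked=%d other() calls=%d\n",
           a, b, c, hits_other);
    return 0;
}
```

A result of 0 for the pointer-only case means the epilog check saw nothing wrong even though the call went to `other()`; in the through-RET case the canary trips, but only after the call has already happened.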