‘Smack the Stack – Advanced Buffer Overflow Methods (Virtual Address)’

Summary

From time to time, a new patch or security feature is integrated to raise the bar on buffer overflow exploitation. The paper linked here includes five creative methods to overcome various stack protection patches, but in practice focuses on the VA (Virtual Address) space randomization patch that has been integrated into the Linux 2.6 kernel. These methods are not limited to this patch or another, but rather provide a different approach to the buffer overflow exploiting scheme.

Credit:

The information has been provided by Izik.
The original article can be found at: http://www.tty64.org/doc/smackthestack.txt


Details

VA Patch:
Causes certain parts of a process's virtual address space to be different for each invocation of the process. The purpose of this is to raise the bar on buffer overflow exploits, since full randomization makes it impossible to use absolute addresses in the exploit. The patch randomizes the stack pointer and mmap() addresses, which also affects where shared libraries go, among other things. The stack is randomized within an 8MB range, and the randomization applies to ELF binaries. The patch is intended as an addition to the NX support that was added to the 2.6 kernel earlier; this paper, however, addresses it on its own.
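To verify from the defender's side what the VA patch actually randomizes, the following added script (not part of the paper or of the site's own material) compares two /proc/PID/maps snapshots of the same binary and reports whether the stack and the first libc mapping moved between runs, and whether the stack movement stayed within the 8MB window described above. The sample snapshots are constructed; the live check assumes a Linux host with `cat` and reads the mappings of a fresh `cat` process each time.

```python
import subprocess

STACK_WINDOW = 8 * 1024 * 1024  # the 8 MB stack randomization range described above

def region_start(maps_text, key):
    """Start address of the first /proc/<pid>/maps line whose path field contains key."""
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and key in fields[5]:
            return int(fields[0].split("-")[0], 16)
    raise ValueError("no mapping matching %r" % key)

def randomization_report(maps_a, maps_b, lib_key="libc"):
    """Compare two snapshots of the same binary and say what moved between runs."""
    stack_delta = abs(region_start(maps_a, "[stack]") - region_start(maps_b, "[stack]"))
    mmap_delta = abs(region_start(maps_a, lib_key) - region_start(maps_b, lib_key))
    return {
        "stack_delta": stack_delta,
        "stack_randomized": stack_delta != 0,
        "stack_within_window": stack_delta < STACK_WINDOW,
        "mmap_delta": mmap_delta,
        "mmap_randomized": mmap_delta != 0,
    }

# Constructed sample snapshots (not captured from a real system): the stack base
# moves between the two runs, the libc mapping does not.
RUN_A = """\
08048000-0804c000 r-xp 00000000 03:01 12345 /tmp/demo
40000000-40015000 r-xp 00000000 03:01 67890 /lib/ld-2.3.so
4001c000-40124000 r-xp 00000000 03:01 67891 /lib/libc-2.3.so
bfe8a000-bfea0000 rwxp 00000000 00:00 0 [stack]
"""
RUN_B = """\
08048000-0804c000 r-xp 00000000 03:01 12345 /tmp/demo
40000000-40015000 r-xp 00000000 03:01 67890 /lib/ld-2.3.so
4001c000-40124000 r-xp 00000000 03:01 67891 /lib/libc-2.3.so
bfd3c000-bfd52000 rwxp 00000000 00:00 0 [stack]
"""

def live_snapshot():
    """Mappings of a fresh process (cat reading its own maps); Linux only."""
    return subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    print(randomization_report(RUN_A, RUN_B))
    try:
        print(randomization_report(live_snapshot(), live_snapshot()))
    except (OSError, ValueError, subprocess.CalledProcessError) as exc:
        print("live check skipped:", exc)
```

On the constructed pair the report shows a stack shift of 0x14e000 bytes inside the 8MB window with libc unmoved; on a live host, two runs with identical stack bases point at randomization being disabled for that process.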

The full paper can be downloaded from: http://www.tty64.org/doc/smackthestack.txt
