$AUUGid: www/data/events/2004/auug2004/theo/mgp00004.txt,v 1.1 2004/09/04 08:42:50 davidp Exp $

The stack-based buffer overflow

The mechanics of a stack-based buffer overflow
    Attacker overflows buffer on stack
        Note: Buffer is ALWAYS at the same place
    Overflow overwrites function return address
        -- fixed value pointer into overflow buffer
        - execution starts
    Key point: The pointer points into the buffer (where the attack code is placed)
    Solution: a random-sized gap at top of stack (8-byte aligned)
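
The effect of the gap on a fixed pointer value, as an added example that is not part of the original slides: it enumerates every 8-byte-aligned gap below a chosen maximum and counts the layouts in which a pointer that was correct for gap 0 still falls inside the buffer. The addresses, frame depth, buffer size and 4096-byte gap range are constructed values, not taken from any real system.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for illustration; not taken from any real kernel. */
#define STACK_TOP   0x7fff0000u  /* hypothetical top of the stack */
#define FRAME_DEPTH 0x200u       /* hypothetical distance from stack start to buffer */
#define BUF_SIZE    64u          /* size of the overflowed buffer */
#define ALIGN       8u           /* the gap is a multiple of 8 bytes */

/* Address of the buffer when `gap` bytes are left unused at the top of the stack. */
static uint32_t buf_addr(uint32_t gap)
{
    return STACK_TOP - gap - FRAME_DEPTH;
}

/* Does a fixed pointer value still land inside the buffer for this gap? */
static int pointer_hits(uint32_t fixed_ptr, uint32_t gap)
{
    uint32_t b = buf_addr(gap);
    return fixed_ptr >= b && fixed_ptr < b + BUF_SIZE;
}

/* Count the gaps in [0, max_gap), in ALIGN steps, for which the pointer hits.
 * The number of candidate gaps is written to *total. */
static unsigned hits_over_gaps(uint32_t fixed_ptr, uint32_t max_gap, unsigned *total)
{
    unsigned hits = 0, n = 0;
    for (uint32_t gap = 0; gap < max_gap; gap += ALIGN, n++)
        hits += (unsigned)pointer_hits(fixed_ptr, gap);
    if (total)
        *total = n;
    return hits;
}

int main(void)
{
    uint32_t fixed_ptr = buf_addr(0);  /* the value that is right when there is no gap */
    unsigned total, hits;

    hits = hits_over_gaps(fixed_ptr, ALIGN, &total);  /* no randomization: gap is always 0 */
    printf("no gap:     %u of %u layouts hit\n", hits, total);

    hits = hits_over_gaps(fixed_ptr, 4096, &total);   /* gap drawn from 512 possible values */
    printf("random gap: %u of %u layouts hit\n", hits, total);
    return 0;
}
```

The surviving fraction is the buffer size divided by the gap range, so the range has to be large relative to the buffers being protected for the gap to matter.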