On Tuesday, July 16, 2002, at 11:09 , Eric D. wrote: > on 16/7/02 10:40, Eagle at [EMAIL PROTECTED] wrote: >> That would be true for an automated worm, but the possibility of >> gaining >> remote access through an Apache (or BIND, or sendmail, or whatever) >> exploit still exists. Even though the exact exploit might be different >> (it might not - I don't know with certainty), a buffer overflow is a >> buffer overflow. > > Any chance you could explain a buffer overflow to us? (I'm hoping)
Input buffers are allotted a certain amount of space; this is not usually infinite. :) Ever notice in your web server logs, from the Code Red era, that the GET requests were REALLY REALLY long, and that they contained a bunch of characters that made no sense to you? That was a buffer overflow exploit, and it worked by putting code onto the computer (via the HTTP GET request) -- code which ran past the end of the input buffer and was then executed by the computer. That's basically how a buffer overflow works. As you rightly point out, an overflow exploit for one system won't necessarily work on another, but an overflowable buffer in a version of Apache will still be overflowable on ANY system running that version of Apache. It would just likely require a different exploit to gain unauthorized access. Eagle -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
