Focus on Apple
There are two parts to any exploit. There is the code that takes
advantage of the vulnerability and the malicious code that carries out
an attacker's bidding; this is called the payload. The way a buffer
overflow attack works is that it enables an attacker to redirect the
flow of execution inside a program. What KF demonstrated is that the
vulnerability is still present by triggering the flaw, but without a
payload to redirect execution to, you get a crash.

This doesn't mean that the bug is not exploitable; this just means that
KF didn't include a payload in his example of an attack. Before
someone says that there aren't payloads for OSX, there are papers on
it:
http://www.uninformed.org/?v=1&a=1&t=sumry
On 11/24/06, Simon Slavin <s.slavin (at) lancaster.ac (dot) uk [email concealed]> wrote:
>
> On 24 Nov 2006, at 3:12am, K F (lists) wrote:
>
> > kevin-finisterres-computer:~ kf$ gdb -q perl
> > Reading symbols for shared libraries .... done
> > (gdb) r -e 'printf("%2147483658\$n");'
> > Starting program: /usr/bin/perl -e 'printf("%2147483658\$n");'
> > Reading symbols for shared libraries . done
> >
> > Program received signal EXC_BAD_ACCESS, Could not access memory.
> > Reason: KERN_PROTECTION_FAILURE at address: 0x00000008
> > 0x967ce510 in Perl_sv_setiv ()
>
> I have to admit I don't understand what you think this proves. It
> seems to me that the OS is giving you a KERN_PROTECTION_FAILURE
> instead of allowing you to do anything bad. Perhaps I just don't
> understand what's going on.
>
> Simon
> --
> Simon Slavin Fylde Building Room C11
> Computing Development Officer 01524 65201 x 93569
> Psychology Department
> University of Lancaster
>
>
>
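As an added example (not part of the original post or of anyone's code in this thread), the following Python check flags the two properties of the format string in the quoted gdb session before such a string reaches a printf-style function: the `%n` conversion and an explicit argument index larger than a signed 32-bit integer can hold. The function names, the finding codes and the assumption that the consumer parses the index as a 32-bit signed value are illustrative.

```python
import re

INT32_MAX = 2**31 - 1  # largest explicit index a signed 32-bit parser can hold

# One printf-style directive: optional explicit argument index ("N$"), flags,
# width, precision, length modifier, conversion letter.
DIRECTIVE = re.compile(
    r"%(?:(?P<index>\d+)\$)?[-+ 0#]*(?:\d+|\*)?(?:\.(?:\d+|\*)?)?"
    r"(?:hh|h|ll|l|q|L|V)?(?P<conv>[%A-Za-z])"
)

def as_int32(n):
    """Value n takes if truncated to a signed 32-bit integer (assumed parser width)."""
    return (n + 2**31) % 2**32 - 2**31

def audit_format(fmt, argc):
    """Return (offset, directive, code) findings for a format string that is
    about to be used with argc caller-supplied arguments."""
    findings = []
    for m in DIRECTIVE.finditer(fmt):
        if m.group("conv") == "%":
            continue  # literal percent sign, consumes no argument
        where, text, index = m.start(), m.group(0), m.group("index")
        if m.group("conv") == "n":
            # %n stores the running character count through an argument
            findings.append((where, text, "WRITE_N"))
        if index is not None:
            n = int(index)
            if n > INT32_MAX:
                findings.append((where, text, "INDEX_OVERFLOW"))
            elif n == 0 or n > argc:
                findings.append((where, text, "INDEX_RANGE"))
    return findings

if __name__ == "__main__":
    # Constructed samples; the first is the format string from the quoted gdb session.
    samples = [("%2147483658$n", 0), ("%2$s has %1$d%% left", 2), ("%3$s", 2)]
    for fmt, argc in samples:
        print(repr(fmt), audit_format(fmt, argc))
    print("2147483658 as int32:", as_int32(2147483658))
```

A format string that produces any finding should be rejected or replaced with a fixed literal format that takes the untrusted text as an argument.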