File:Aslr stack smash.svg

Summary

Description
English: Illustration of the target of a stack based buffer overflow. The orange triangle indicates the target address for the injected shellcode or ret2libc attack.

In the case of shellcode, a NOP buffer will defeat minor randomization; however, a non-executable stack prevents the use of shellcode. This gives the attack an X/R probability of success, where X is the width of injected NOPs divided by the width of a randomization period and R is the number of possible positions the stack could end at.

The ret2libc case is possible with a non-executable stack; however, moving the stack by even a single byte will mis-align the injected stack frames, causing the attack to fail. The injected stack frames can be repeated, which gives the attack a Y/R probability of success, where Y is the number of times the stack frames are repeated on relative alignment to the width of a randomization period and R is the number of possible positions the stack could end at.
Date (UTC)
Source File:Aslr stack smash.png
Author Bluefoxicy, vectorised by chris

Licensing

w:en:Creative Commons
attribution share alike
This file is licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.
You are free:
  • to share – to copy, distribute and transmit the work
  • to remix – to adapt the work
Under the following conditions:
  • attribution – You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
  • share alike – If you remix, transform, or build upon the material, you must distribute your contributions under the same or compatible license as the original.
Category:CC-BY-SA-3.0#Aslr%20stack%20smash.svg
Category:Stack data structures Category:Computer security
Category:CC-BY-SA-3.0 Category:Computer security Category:Stack data structures