On Sun, 12 Nov 2006 18:21:16 GMT, "Dave \"No, not that one\" Korn" said:
> Georgi Guninski wrote:
> > my question was:
> >
> > when was the first provable *public* (as in common sense)
> > announcement of the exploitability of buffer overflows.
>
> The use of smashing the stack to seize control of the program flow was in
> everyday usage on the Commodore PET from around 1979-1980ish. It was our
> standard technique for making programs autorun after loading!

Was that a "classic" smash-the-stack, where an overly long parameter is used to overwrite the return pointer, or were you guys just intercepting the return pointer directly? If the latter, I'm pretty sure there was software that would overlay return pointers in order to redirect program flow as far back as IBM's OS/360 in the 1967-75 timeframe.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/