Comment by nurettin

Comment by nurettin 3 days ago

Yes but how? After the overflow they still have to know the address of the next call site and the server would be in a UB state.

frumplestlatz 2 days ago

UB state doesn’t mean totally uncontrollable or opaque.

There are lots of ways the server could leak information about its internal state, and exploits have absolutely been implemented in the past based only on what was visible remotely.

Reply View 0 replies

jacquesm 3 days ago

The code is on github. Figure out a way to get a shell through that code and you're hosed if someone recognizes it in active use.

Reply View 3 replies

nurettin 3 days ago

I mean tha hacker won't know what software is running on the server, unless the server announces itself which can be traced to the repo, but then, why ?? Who cares about this guy's vps? This whole thread makes no sense to me and I'm the only one questioning.

Reply View | 2 replies
- jacquesm 2 days ago
  
  > This whole thread makes no sense to me and I'm the only one questioning.
  That may well be because this isn't your field?
  
  Reply View | 1 reply
  
  nurettin 2 days ago
  
  Or maybe well thought out, intelligent responses are a rare thing. Occam's razor suggests the latter.
  
  Reply View | 0 replies