Attacker Code Execution

We type a correct password of less than 12 characters:
The login request is allowed.
Now let us type “BadPassWd” when we are asked to provide the password:
The login request is rejected.

We can carefully overflow the buffer so that the return address is overwritten with the address of a location where we have put some code we want executed.

ShellCode
Code that creates a shell, which allows the attacker to execute any code they want.

Whose privileges are used when attacker code is executed?
-the host program’s
-system service or OS root privileges

National Vulnerability Database (NVD)

Variations of buffer overflow
-return-to-libc: the return address is overwritten to point to a standard library function
-heap overflows: data stored in the heap is overwritten. The data can be tables of function pointers.
-OpenSSL Heartbleed vulnerability: reads much more of the buffer than just the data, and the extra bytes read may include sensitive data.
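
The length check whose absence allows a Heartbleed-style over-read, as an added example (not from the original notes and not OpenSSL's code). The message layout is a simplified form of the TLS heartbeat message; hb_respond, hb_demo and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING  16  /* minimum padding after the payload */

/* Build the echo response for one received heartbeat record (hypothetical helper).
 * Returns the response length, or -1 when the record is silently discarded. */
long hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;

    /* Sender-supplied length: untrusted until compared with rec_len. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t total = HB_HEADER + claimed + HB_PADDING;

    /* Without this comparison the memcpy below would read past the
     * received bytes and echo whatever sits next to them in memory. */
    if (total > rec_len || total > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_PADDING); /* zero padding for the demo */
    return (long)total;
}

/* Constructed sample: a record that really carries 5 payload bytes,
 * with the length field set to whatever `claimed` says. */
long hb_demo(uint16_t claimed)
{
    uint8_t rec[HB_HEADER + 5 + HB_PADDING] = {
        HB_REQUEST, (uint8_t)(claimed >> 8), (uint8_t)(claimed & 0xff),
        'h', 'e', 'l', 'l', 'o' };
    uint8_t out[64];
    return hb_respond(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest=%ld overclaim=%ld\n", hb_demo(5), hb_demo(0x4000));
    return 0;
}
```

A record whose length field matches its 5 payload bytes is echoed; one that claims more than was received is dropped before any copy happens.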