From the sewer of misinformation and hype that is ntbugtraq, a rare factual and informative nugget:
For those interested, NGSS [David Litchfield’s outfit — PR] has just published a paper describing how to defeat the mechanism built into Windows 2003 Server to prevent exploitation of stack-based buffer overflow vulnerabilities. Previous work done in this area presented methods that only worked in highly specific scenarios – the new methods presented in this paper are generic. The paper can be downloaded from http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf.
This is an interesting paper that will no doubt generate a lot of wailing, moaning, and gnashing of teeth. However, the fact remains that MS at least implemented a mechanism, and no doubt they will improve it as people (inside and outside of MS) learn how to defeat it. It’s just another small corner in the Great Security Arms Race™. I must say, though, that I’m not thrilled about Litchfield’s decision to post exploit code in the paper, but maybe I’m just an old fogey.
