Problem $6.(12$ points$)$:

Recently, Microsoft's SQL Server was hit by the SQL Slammer worm, which exploits a known buffer

overflow in the SQL Resolution Service. Today, we'll be writing our own $213$ Slammer that exploits the

vulnerability introduced in bufbomb, the executable used in your Lab $3$ assignment. And as such, Gets

has the same functionality as in Lab $3$ except that it strips off the newline character before storing the input

string.

Consider the following exploit code, which runs the program into an infinite loop:

infinite.o: file format elf$32-1386$

Disassembly of section $.$text:

text$>$:

$0$:$,68$ fc b$2$ ff be push $$0$xbfffb$2$fc

$5$: c$3$ ret

$6$: $8916$ mov sesi, besi

Here is a disassembled version of the getbuf function in bufbomb, along with the values of the relevant

registers and a printout of the stack before the call to Gets $().$

$($gclb$)$ disas

Dump of assembler code for function getbuf:

$08048a4408048a45$:$08048a4708048a4a08048a5008048a5108048a5b08048a5d$:$08048a5e0xbffb2fc,0x000$ esp $0xbffb2e0,$ebp,$0xbfffb308$ esi Oxfffffff $\frac{x}{20}xb\frac{\frac{?}{?}}{0}(0x00)$