i was searching for information on biologically inspired response to unknown vulnerabilities and i thought that if the system could extrapolate the full scope of poly/metamorphism available to the vulnerabilities that i could cut down on the overhead of discovering each at time of occurrence. this lead me to a paper on the davis malcode analyzer (dacoda) and that in turn lead me to this paper:

http://wwwcsif.cs.ucdavis.edu/~crandall/wuformat.txt

it is an old exploit. far too old to be useful except to teach some interesting lessons. the exploit works against wu-ftpd 2.6. more importantly it works against a chrooted/jailed wu-ftp 2.6 that also is protected by stackguard and random library addresses and non-executable pages. the attack is remote and does not even require the attack to have the right to upload content.

i hope this may help teach those who wish to learn about the importance of understanding security requirements deeply enough to know if your security solution actually meets those requirements or if it is just considered standard.