If you want to block this service on your RSS feeds
If you want to contact us or suggest an RSS feed
Menu > Press review articles: - all [ all | French-language ] - by keyword [ all ] - by site [ all ] - the tagwall [ view ] - Top bi-weekly of the press review [ View ]
Presentation: Nearly every day a security advisory is published for some vendor's product. Depending on who publishes the advisory, it may contain few or even no technical details describing what changed from one version of the software to the next. DarunGrim2 is a free binary diffing tool by Jeongwook Oh. It uses IDA database files (.idb) to analyze and compare two binaries, and implements several algorithms to improve the overall analysis. So if you want to know exactly what issues were supposedly fixed in the next version of the software, DarunGrim2 can help. When you download DarunGrim2 from the website, be sure to read the Usage section.

For a brief demonstration, I've given DarunGrim2 two untouched IDBs (no variables or functions renamed, etc.) from two binaries referred to as Original and Patched. Original (left) contains the vulnerability, while Patched (right) includes the fix. To the far right we see Match Rate. This simply shows what percentage of the function's code from Original to Patched is the same. In more complex binaries, if very little code is changed to fix the vulnerability and no other significant changes were made, the Match Rate should be slightly less than 100%. But since this binary is very small, 50% is reasonable for a patch. sub_4012E5 is clearly unmatched across Original and Patched, so let's check it out. Carefully read the disassembly. What is the difference?

ORIGINAL
    mov     eax, [ebp+arg_0]
    mov     [esp], eax          ; char *
    call    strlen              ; strlen of the argument to the function

PATCHED
    lea     eax, [ebp+var_28]
    mov     [esp], eax          ; char *
    call    strlen              ; strlen of a local variable in the function

sub_40132A passes its three arguments, which came from sub_4012E5, to memcpy:

    mov     eax, [ebp+arg_8]
    mov     [esp+8], eax        ; size_t

strlen returns a size_t, which is handed to memcpy as n, telling it to copy n bytes from src. Earlier, when strlen was called in Original, its result was the length of the src, arg_0, the argument to the function. But when strlen was called in Patched, its result was the length of the dest, var_28. The code looks similar to this for Original:

    memcpy(var_28, arg_0, strlen(arg_0));

and something like this for Patched:

    memcpy(var_28, arg_0, strlen(var_28));

So, what did they fix? A buffer overflow vulnerability. In the original, if more data than the local variable can hold is passed via the argument, the copy runs past var_28 and overwrites whatever sits above it in the stack frame. The patch takes the copy length from the local variable rather than from the argument. One caveat a reviewer would raise: strlen(var_28) measures the string the local buffer already holds, not the buffer's capacity, so it only bounds the copy if var_28 was filled in beforehand; a bound derived from the buffer's actual size (sizeof in C) is the robust form of this fix. Isn't binary diffing fun?
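To make the difference between the two memcpy calls concrete, here is an added C example. It is my own code, not code from Jeremy's post or from DarunGrim2, and it assumes a layout the post does not give: var_28 is taken to be a 40-byte local buffer, and a 4-byte guard value is placed directly above it to stand in for the saved return address. The whole frame is simulated as one byte array so the overflow lands in memory the program owns and can inspect. The inputs are constructed. It also goes one step beyond the post by adding a third variant bounded by the buffer's size, which shows why strlen(var_28) is not the same thing as the buffer's capacity.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the post): var_28 is a 40-byte local, and the
 * 4 bytes directly above it stand in for the saved return address. The
 * whole frame is one byte array so the overflow lands in memory we own. */
#define BUF_SIZE   40
#define GUARD_SIZE 4
#define FRAME_SIZE (BUF_SIZE + GUARD_SIZE)

static const unsigned char GUARD[GUARD_SIZE] = { 0xef, 0xbe, 0xad, 0xde };

/* Constructed inputs: one that fits in var_28 and one that does not. */
static const char SHORT_INPUT[] = "short string";               /* 12 bytes */
static const char LONG_INPUT[]  = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                                  "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"; /* 60 bytes */

struct frame {
    unsigned char bytes[FRAME_SIZE];   /* [0,40) = var_28, [40,44) = guard */
};

static void frame_init(struct frame *f)
{
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_SIZE, GUARD, GUARD_SIZE);
}

/* 1 if the bytes above var_28 survived, 0 if the copy ran over them. */
static int frame_intact(const struct frame *f)
{
    return memcmp(f->bytes + BUF_SIZE, GUARD, GUARD_SIZE) == 0;
}

/* strlen() that never reads past the simulated frame. */
static size_t bounded_strlen(const unsigned char *p, size_t max)
{
    size_t n = 0;
    while (n < max && p[n] != '\0')
        n++;
    return n;
}

/* Original: memcpy(var_28, arg_0, strlen(arg_0)). The count comes from the
 * caller-controlled source, so a long string runs over the guard. */
static size_t copy_original(struct frame *f, const char *arg_0)
{
    size_t n = strlen(arg_0);
    if (n > FRAME_SIZE)      /* demo-only cap to stay inside the array; the real code has none */
        n = FRAME_SIZE;
    memcpy(f->bytes, arg_0, n);
    return n;
}

/* Patched, as the post describes it: memcpy(var_28, arg_0, strlen(var_28)).
 * strlen(var_28) is the length of whatever string is already in the
 * destination, not its capacity: on a zero-filled frame it is 0, so nothing
 * at all is copied. */
static size_t copy_patched_as_described(struct frame *f, const char *arg_0)
{
    size_t n = bounded_strlen(f->bytes, FRAME_SIZE);
    size_t avail = strlen(arg_0);
    if (n > avail)           /* demo-only cap so we never read past arg_0 */
        n = avail;
    memcpy(f->bytes, arg_0, n);
    return n;
}

/* A bound that reflects capacity: copy at most sizeof(var_28) - 1 bytes and
 * terminate, so an oversized input is truncated instead of corrupting the frame. */
static size_t copy_bounded(struct frame *f, const char *arg_0)
{
    size_t n = strlen(arg_0);
    if (n > BUF_SIZE - 1)
        n = BUF_SIZE - 1;
    memcpy(f->bytes, arg_0, n);
    f->bytes[n] = '\0';
    return n;
}

enum variant { ORIGINAL = 0, PATCHED_AS_DESCRIBED = 1, BOUNDED = 2 };

static size_t run_copy(enum variant v, struct frame *f, const char *arg_0)
{
    frame_init(f);
    switch (v) {
    case ORIGINAL:             return copy_original(f, arg_0);
    case PATCHED_AS_DESCRIBED: return copy_patched_as_described(f, arg_0);
    default:                   return copy_bounded(f, arg_0);
    }
}

/* Bytes a variant copies into a fresh frame for this input. */
static size_t bytes_copied(enum variant v, const char *arg_0)
{
    struct frame f;
    return run_copy(v, &f, arg_0);
}

/* 1 if the guard above var_28 survives the copy, 0 if it was overwritten. */
static int guard_survives(enum variant v, const char *arg_0)
{
    struct frame f;
    run_copy(v, &f, arg_0);
    return frame_intact(&f);
}

int main(void)
{
    static const char *names[] = { "original", "patched as described", "bounded" };
    for (int v = ORIGINAL; v <= BOUNDED; v++) {
        enum variant var = (enum variant)v;
        printf("%-21s short: copied=%2zu guard=%d | long: copied=%2zu guard=%d\n",
               names[v],
               bytes_copied(var, SHORT_INPUT), guard_survives(var, SHORT_INPUT),
               bytes_copied(var, LONG_INPUT),  guard_survives(var, LONG_INPUT));
    }
    return 0;
}
```

With the 60-byte input the original variant overwrites the guard, the patched-as-described variant copies nothing because the zeroed buffer has a string length of 0, and the size-bounded variant copies 39 bytes and leaves the guard intact. The demo-only caps in the first two variants exist only so the simulation never touches memory outside the array; the binary being diffed has no such limits.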
Latest articles from the site "Jeremy's Computer Security Blog":
- What did they fix
- Adobe Flash Temporary Filename Scheme
- Reverse Engineering File Formats
- Browser Fuzzer 3
- Writing Code that Breaks Code
- Mozilla Code sighs
- From Static Analysis to 0day Exploit
- Some vendors are 'unconcerned'
- Firefox Local Download Manager Vulnerability
- Desktop Management Interface DMI