Size matters when hell freezes over
By A bug's life, published 2009-01-16 at 02:50:50
Summary: Doing silly bugs is relaxing. They give your brain a break, and you can write the exploit on autopilot. As an extension of the previously mentioned AIX fun, I am currently chewing through a bunch of vanilla stack overflows to plug into the AIXRoot module. Today I was looking at the 2008 'errpt' unspecified overflow, and hilarity ensued.

The patch is fairly straightforward: a sprintf call in the 'eprint' error printing function got changed to a snprintf call. What's curious about it is the proposed size limitation of the sprintf ... 0x7530!? Why, that's more than 0x7350. But, 30000 bytes? Yes, they use a 30000-byte stack buffer as the destination for their sprintf. The vulnerable version thus requires a command-line input of 0x7530 + whatever to reach a saved link register on the stack. Sheesh.

The default limit for ARG/ENV length in the AIX SMIT OS Characteristics is 6*4K. That means that, although you can reach the vulnerability quite easily ... you can't actually overflow the ginormous stack buffer to hit any process critical memory. If you change the ARG/ENV allowance to 32K life is better ... which is of course an entirely feasible scenario ... *cough*. Tomorrow: exploits that don't require pigs in flight. Maybe.
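As an added example (not the post's or AIX's code), a constructed C model of the before/after shapes of the 'eprint' fix together with the reachability arithmetic from the post; the function names eprint_before, format_error, truncation_probe and overflow_reachable are assumed, and it also shows the caveat that snprintf truncates silently unless its return value is checked.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the errpt 'eprint' bug the post describes; not AIX code.
 * Numbers from the post: a 30000-byte (0x7530) stack buffer, a default ARG/ENV
 * allowance of 6*4K, and the patch that swapped sprintf for snprintf. */
#define EPRINT_BUFSZ 30000u
#define AIX_ARGENV_DEFAULT (6u * 4096u)
#define AIX_ARGENV_RAISED (32u * 1024u)

/* Pre-patch shape: unbounded sprintf into a fixed stack buffer. Shown for the
 * pattern only; it overflows once strlen(tag) + strlen(msg) + 3 > EPRINT_BUFSZ. */
static void eprint_before(const char *tag, const char *msg)
{
    char buf[EPRINT_BUFSZ];
    sprintf(buf, "%s: %s", tag, msg);
    fputs(buf, stderr);
}

/* Post-patch shape: snprintf bounds the write but silently truncates. Its return
 * value is the length the full output needed; >= outsz means the message was cut. */
static bool format_error(char *out, size_t outsz, const char *tag, const char *msg)
{
    int needed = snprintf(out, outsz, "%s: %s", tag, msg);
    return needed < 0 || (size_t)needed >= outsz;
}

/* Is a constructed 'A'-filled message of msglen bytes, tagged "errpt",
 * truncated by the patched path? */
static bool truncation_probe(size_t msglen)
{
    char *msg = malloc(msglen + 1);
    if (!msg) return true;
    memset(msg, 'A', msglen);
    msg[msglen] = '\0';
    char buf[EPRINT_BUFSZ];
    bool cut = format_error(buf, sizeof buf, "errpt", msg);
    free(msg);
    return cut;
}

/* The post's point: with the default ARG/ENV limit no argument can be longer
 * than the buffer, so the overflow is unreachable until the limit is raised. */
static bool overflow_reachable(size_t argenv_limit)
{
    return argenv_limit > EPRINT_BUFSZ;
}

int main(void)
{
    eprint_before("errpt", "short message, within the buffer\n");
    printf("reachable at 24K: %d, at 32K: %d\n",
           overflow_reachable(AIX_ARGENV_DEFAULT), overflow_reachable(AIX_ARGENV_RAISED));
    printf("29993-byte message truncated: %d\n", truncation_probe(29993));
    return 0;
}
```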