Bugtraq mailing list archives
Re: DJB's students release 44 *nix software vulnerability advisories
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Thu, 23 Dec 2004 17:49:55 +0100 (CET)
On Tue, 21 Dec 2004, Jonathan Rockway wrote:
/bin/sh exists to run shell commands. That is the purpose of the shell. NASM, on the other hand, is designed to create object files from assembly files. If NASM starts running arbitrary code on your machine, it's doing something unauthorized. That is a security hole.
Consider this example: I am sending you an e-mail telling you to type "/usr/local/bin/game_of_pong AAAAAAAAAAAAAAAA(...)$ASCII_SHELLCODE". The game_of_pong utility happens to be have a command-line parameter buffer overflow problem. If you follow my instructions, you will get 0wned. The aforementioned application has a flaw, and as a result, did something it was not designed for. This does not constitute a remotely exploitable vulnerability by our standards, however. If it did, *all* bugs would belong to that category. What happened is that the user had became a wetware REMOTE->LOCAL gateway for all kinds of attacks, if he can be tricked into feeding untrusted and unchecked input received over the network into programs that were never designed to handle such information. We may and should blame the author for writing shoddy code, but this is not a remotely exploitable flaw in his software. I am not saying such a two-factor attack fits the "local" label; I am simply saying it does not belong to the "remote" bunch. /mz http://lcamtuf.coredump.cx/
Current thread:
- Re: DJB's students release 44 *nix software vulnerability advisories, (continued)
- Re: DJB's students release 44 *nix software vulnerability advisories milw0rm Inc. (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Antoine Martin (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Chris Paget (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Jack Lloyd (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories milw0rm Inc. (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Dave Holland (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Thor (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories David F. Skoll (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Jonathan Rockway (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Casper . Dik (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Michal Zalewski (Dec 23)
- Re: DJB's students release 44 *nix software vulnerability advisories Valdis . Kletnieks (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories laffer1 (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Jonathan Rockway (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Stephen Harris (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Raymond M. Reskusich (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories David Wagner (Dec 24)
- Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan (Dec 23)