Bugtraq mailing list archives
RE: AS/400 Vulnerabilities
From: "Michael Wojcik" <Michael.Wojcik () MicroFocus com>
Date: Fri, 13 Jun 2008 11:27:41 -0700
From: Jon Kibler [mailto:Jon.Kibler () aset com]
Sent: Thursday, 12 June, 2008 14:54
To: bugtraq () securityfocus com

2) Are the boxes really just unstable to malformed network data, but not exploitable?

Exploiting data-handling vulnerabilities (as opposed to design vulnerabilities, like missing access checks) is difficult on the AS/400 (aka iSeries, and various other names), because it's a capability architecture. Attacks like stack overflows don't apply to the '400 the way they do to more common virtual-address-space systems. Of course that doesn't mean that they're not exploitable, just that the exploits will take different forms. (In most cases - processes running in the PASE environment are an exception, though I couldn't say just what access you might get by breaking one.)

I think it's an area that's definitely worth investigation, but few researchers (whatever their hat color) seem to have done much with capability architectures in general or the '400 in particular. And it doesn't look like many are motivated to acquire the necessary knowledge to do so.

That is a bit of a shame, as capability architectures are interesting in themselves, and have interesting security implications, and the '400 has shown that they're commercially viable. Intel's early effort at a capability architecture (the 432) died because it couldn't compete on performance, but the long life of the '400 suggests that perhaps the time is right to try again.

--
Michael Wojcik
Principal Software Systems Developer, Micro Focus

Current thread:
- AS/400 Vulnerabilities Jon Kibler (Jun 13)
- RE: AS/400 Vulnerabilities Michael Wojcik (Jun 13)
- Re: AS/400 Vulnerabilities security curmudgeon (Jun 14)
- Re: AS/400 Vulnerabilities Marco Ivaldi (Jun 16)
- Re: Summary of AS/400 Vulnerability Information Jon Kibler (Jun 23)