Dailydave mailing list archives
Re: 0day RealServer exploit demo
From: "Dave Korn" <dave.korn () artimi com>
Date: Fri, 4 Jan 2008 19:59:31 -0000
On 04 January 2008 08:15, admin () gleg net wrote:
> Hi,
>
>> On 03 January 2008 10:26, admin () gleg net wrote:
>>> The demonstrated CANVAS module exploits a heap overflow vulnerability in RealServer. The exploit was available to our clients since Oct 3, 2007. Feel free to email me if any questions appear.
>>
>> Ok, since you did say "any questions", I do have a question:
>>
>> Q: What's the bug and how do I trigger it (apart from by buying VulnDisco)?
>
> Honestly, what answer you expect to get from me? ;-)

A silly or humorous one! :-)

Plus, maybe, the start of a thread about those SWF demos that people are always showing these days. Because after all, they're not very exciting to watch, and they're all pretty much the same; you see a cursor, it makes a few selections from a few dialog boxes, it clicks "Start", a window opens saying that it's a shell and that it's running on a different machine... apart from the text in the drop-down box in the dialog when the particular exploit is selected, they're all basically identical. And of course they are all showing you the dull end of the exploit, when all the 'action' is taking place at the remote end.

I thought it might be interesting to raise the topic of whether they could be made more demonstrative and informative yet without giving too much away that people don't want to disclose. For example, it might be possible to add a little picture-in-picture inset, showing a sort of broad overview of the target process' memory space, maybe using different colours to show the evil data arriving in the target's memory, being processed, and ending up being executed. Something like that might give people a general idea of whether it was a heap or a buffer overflow, and how clever/tricky it was, without giving away enough information to even start trying to reverse it; but imagine watching a unicode venetian blind exploit constructing itself in front of your eyes, or seeing strings being concatenated until they spill out of a buffer. There must be ideas like this that could add value to what are otherwise fairly dull demos, don't you think?

cheers,
DaveK
--
Can't think of a witty .sigline today....