funsec mailing list archives
I have a bad feeling about this
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 18 Apr 2008 14:21:42 -0400
Automatic Patch-Based Exploit Generation http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html "The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update." That part doesn't bother me: my response to Microsoft products is to quote Zathras: "This...is wrong tool. Never use this." The part that bothers me is that if they're right, and having only skimmed the paper, I offer no opinion on that yet, then it seems to me that this technique may work on other systems. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- I have a bad feeling about this Rich Kulawiec (Apr 18)