Secure Coding mailing list archives

COBOL Exploits


From: jericho at attrition.org (security curmudgeon)
Date: Fri, 2 Nov 2007 12:45:00 +0000 (UTC)


Hi Mark,

: The adolescent minds that engage in "exploits" wouldn't know COBOL if a 
: printout fell out a window and onto their heads.  I'm sure you can write 
: COBOL programs that crash, but it must be hard to make them take control 
: of the operating system.  COBOL programs are heavy into unit record 
: equipment (cards, line printers), tape files, disk files, sorts, merges, 
: report writing -- all the stuff that came down to 1959-model mainframes 
: from tabulating equipment.  They don't do Internet.  What they could do 
: and have done is incorporate malicious code that exploits rounding error 
: such that many fractional pennies end up in a conniving programmer's 
: bank account.

I'd love for you to show me such exploits, specifically citing the OS 
and/or affected programs *with* a public reference. =)

http://osvdb.org/
"Search"
Disclosure Date Range: 1960-01-01 to 1979-01-01

Please, help me add to the collection =) Many of these were uncovered by 
my own personal interest/research along with a few contributors to my 
challenge to find the oldest documented vulnerability: 
http://osvdb.org/blog/?p=77

Brian


