Vulnerability Development mailing list archives
Must coredump? No. (Was: Local root through vuln...)
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 24 Aug 2000 00:11:12 +0200
> Any reason why it *has to* core dump before being exploitable? Maybe something's getting overwritten and it's still following a valid (although undesired) execution path?
No, it is of course not an axiom when you speak of software in general. The fact that software doesn't coredump on shellcode is enough to prove it wrong, and if it is overwriting data it could overwrite something like "DoSUID=False" to "DoSUID=True". Therefore, a security researcher should assume all vulnerabilities are exploitable until the subject is fully researched. My quote:

> Doesn't seem exploitable, but a bit funny :)

is very relaxed and unspecific. Anyone saying "Doesn't seem exploitable" should certainly not be considered to have real research behind his words. "Seem" is a very weak word. What I meant was that all the testing I've done so far with traceroute has never once resulted in a coredump. Therefore I think, without strong research behind my words, that this specific bug never causes a buffer overflow. I also assumed traceroute to be written with such simplicity and logical behavior that there exists no condition where overwritten data can cause a problem.

Thinking of it, the last assumption is a bit dangerous. I still think it to be true, but theoretically a data overflow could do something really funny - like overwriting a format string. Exploiting one vulnerability to exploit yet another :)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team

ps. my mail about traceroute was based upon a few minutes of testing. The mail expressed opinions and conclusions based upon only this and some assumptions drawn from the debate on ping. It did not contain one cent of real research :)
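The two scenarios raised in this message, an overflow that flips a privilege flag without crashing and an overflow that lands on a format string, as an added example that is not part of the original post or of traceroute. The struct, its field names (name, do_suid, fmt) and the unchecked copy are all assumptions made for the demonstration; the struct exists so the adjacent fields have a deterministic layout, which stack locals do not.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical program state (assumed layout, not any real program).
 * name[16] is followed by the "DoSUID" flag from the post and then a
 * format string that is consumed later. */
struct ctx {
    char name[16];   /* copied from untrusted input */
    int  do_suid;    /* 0 = drop privileges, non-zero = keep them */
    char fmt[32];    /* e.g. passed to printf() afterwards */
};

#define DEFAULT_FMT "user=%s\n"

static void ctx_init(struct ctx *c)
{
    memset(c, 0, sizeof *c);
    c->do_suid = 0;
    strcpy(c->fmt, DEFAULT_FMT);
}

/* The bug class under discussion: the copy trusts the caller's length.
 * The write is clamped to the struct object (a demo-only assumption), so it
 * never reaches a guard page or a return address: no SIGSEGV, no core file,
 * yet do_suid and fmt are attacker-controlled afterwards. */
static int copy_name_unchecked(struct ctx *c, const unsigned char *in, size_t len)
{
    if (len > sizeof *c - offsetof(struct ctx, name))
        return -1;
    memcpy((unsigned char *)c + offsetof(struct ctx, name), in, len);
    return 0;
}

/* The fix: bound the copy by the destination field, not by the input. */
static int copy_name_checked(struct ctx *c, const unsigned char *in, size_t len)
{
    if (len >= sizeof c->name)
        return -1;
    memcpy(c->name, in, len);
    c->name[len] = '\0';
    return 0;
}

/* Constructed malicious input: 16 filler bytes, 4 bytes that land on
 * do_suid (non-zero on any endianness), then bytes that land on fmt. */
size_t build_input(unsigned char *out, size_t cap)
{
    const unsigned char flag[4] = {1, 1, 1, 1};
    const char fmt_prefix[] = "%n%n";      /* fmt becomes "%n%n=%s\n" */
    size_t n = 0;
    if (cap < 16 + sizeof flag + strlen(fmt_prefix))
        return 0;
    memset(out, 'A', 16);                        n += 16;
    memcpy(out + n, flag, sizeof flag);          n += sizeof flag;
    memcpy(out + n, fmt_prefix, strlen(fmt_prefix)); n += strlen(fmt_prefix);
    return n;
}

/* do_suid after the unchecked copy: non-zero means the flag was flipped. */
int demo_unchecked_flag(void)
{
    unsigned char in[64];
    size_t len = build_input(in, sizeof in);
    struct ctx c;
    ctx_init(&c);
    if (copy_name_unchecked(&c, in, len) != 0)
        return -1;
    return c.do_suid;
}

/* 1 if the format string now carries a %n directive after the unchecked copy. */
int demo_unchecked_fmt_has_percent_n(void)
{
    unsigned char in[64];
    size_t len = build_input(in, sizeof in);
    struct ctx c;
    ctx_init(&c);
    if (copy_name_unchecked(&c, in, len) != 0)
        return -1;
    c.fmt[sizeof c.fmt - 1] = '\0';
    return strstr(c.fmt, "%n") != NULL;
}

/* 1 if the bounded copy rejects the same input and leaves do_suid at 0. */
int demo_checked_rejects(void)
{
    unsigned char in[64];
    size_t len = build_input(in, sizeof in);
    struct ctx c;
    ctx_init(&c);
    return copy_name_checked(&c, in, len) != 0 && c.do_suid == 0;
}

int main(void)
{
    printf("unchecked copy: do_suid=%d, fmt contains %%n: %d\n",
           demo_unchecked_flag(), demo_unchecked_fmt_has_percent_n());
    printf("checked copy:   rejected and flag intact: %d\n", demo_checked_rejects());
    return 0;
}
```

Nothing in the unchecked path faults, which is the point: the absence of a core file only says the corrupted bytes did not reach something the CPU objects to, not that they reached nothing an attacker cares about.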
Current thread:
- Must coredump? No. (Was: Local root through vuln...) Bluefish (P.Magnusson) (Aug 23)
- Re: Must coredump? No. (Was: Local root through vuln...) Bluefish (P.Magnusson) (Aug 23)
- Re: Must coredump? No. (Was: Local root through vuln...) Daniel Jacobowitz (Aug 24)
- Re: Must coredump? No. (Was: Local root through vuln...) Bluefish (P.Magnusson) (Aug 25)