Re: DJB's students release 44 *nix software vulnerability advisories

From: Michal Zalewski (lcamtuf_at_dione.ids.pl)
Date: 12/23/04

  • Next message: D. J. Bernstein: "Re: DJB's students release 44 *nix software vulnerability advisories"
    Date: Thu, 23 Dec 2004 17:49:55 +0100 (CET)
    To: Jonathan Rockway <jrockw2@uic.edu>
    
    

    On Tue, 21 Dec 2004, Jonathan Rockway wrote:

    > /bin/sh exists to run shell commands. That is the purpose of the
    > shell. NASM, on the other hand, is designed to create object files
    > from assembly files. If NASM starts running arbitrary code on your
    > machine, it's doing something unauthorized. That is a security hole.

    Consider this example: I am sending you an e-mail telling you to type
    "/usr/local/bin/game_of_pong AAAAAAAAAAAAAAAA(...)$ASCII_SHELLCODE". The
    game_of_pong utility happens to be have a command-line parameter buffer
    overflow problem. If you follow my instructions, you will get 0wned.

    The aforementioned application has a flaw, and as a result, did something
    it was not designed for. This does not constitute a remotely exploitable
    vulnerability by our standards, however. If it did, *all* bugs would
    belong to that category.

    What happened is that the user had became a wetware REMOTE->LOCAL gateway
    for all kinds of attacks, if he can be tricked into feeding untrusted and
    unchecked input received over the network into programs that were never
    designed to handle such information.

    We may and should blame the author for writing shoddy code, but this is
    not a remotely exploitable flaw in his software.

    I am not saying such a two-factor attack fits the "local" label; I am
    simply saying it does not belong to the "remote" bunch.

    /mz
    http://lcamtuf.coredump.cx/


  • Next message: D. J. Bernstein: "Re: DJB's students release 44 *nix software vulnerability advisories"

    Relevant Pages

    • Nasm for Minix 3
      ... An object file converter can be obtained from ... created by nasm on Minix 3 to ACK object files, ... Nasm 0.98.39 builds 'out of the box' on Minix 3, ...
      (comp.os.minix)
    • Re: DJBs students release 44 *nix software vulnerability advisories
      ... NASM, on the other hand, is designed to create object files ... >from assembly files. ... If NASM starts running arbitrary code on your ...
      (Bugtraq)
    • Re: Speed up the process
      ... I am not familar with that. ... Is that something that nasm can make? ... You tell it your program's dependencies (that is, which object files are used to create the executable, and which source files are used to build the object files), and tell it the command lines to link and create the object files. ...
      (alt.lang.asm)
    • Why does an object file from a C++ compile on TNS/E contain functions not in the source?
      ... I never noticed before, but all of my object files from my C++ compilations have 1000+ functions that, to my thinking, don't belong there. ... The lone object file compiled from a C source file contains only the functions I put there. ...
      (comp.sys.tandem)