Re: Have real exploits of arithmetic overflows happened?
- From: Ertugrul Soeylemez <usenet@xxxxxxxxxxxxxx>
- Date: Wed, 14 Feb 2007 02:23:16 +0100
clc5q@xxxxxxxxxxxxxxxxxxxxx (Clark L. Coleman) (07-02-13 17:45:07):

> Searching through security bulletins, you see many reports of buffer
> overflow vulnerabilities, perhaps 10-15% that many format string
> vulnerabilities, even fewer integer overflow and/or signedness
> vulnerabilities, and even fewer double-free vulnerabilities.
>
> These are all reported by security firms that were reviewing code, or
> random open source code reviewers. What I am wondering is: Have there
> actually been successful exploits of the more exotic vulnerabilities
> (e.g. integer overflow or double-free), as opposed to just reports of
> vulnerabilities?
>
> In both my teaching and research I would like to comment on whether
> anyone's system has ever really been damaged by an attacker using such
> an exploit, as opposed to proof-of-concept reports.

Probably a lot of them have been exploited actively, but not necessarily
against large networks or well-known hosts (Google, Amazon, Ebay, ...).
I can't imagine that the TCP options bug in the Linux Netfilter wasn't
exploited somewhere in the wild. It was a signedness bug, which could
be exploited to drop the kernel into an endless loop.
Regards,
E.S.
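
The class of bug the reply describes, as an added illustration that is not part of the original post and is not the Netfilter code: a TCP-option walker that reads the length byte as a signed value, next to a checked version. All function names, the sample bytes and the step guard are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

enum { OPT_STUCK = -2, OPT_MALFORMED = -1, OPT_ABSENT = 0, OPT_FOUND = 1 };
#define MAX_STEPS 64 /* demo-only guard: lets the flawed walker return instead of hanging */

/* Constructed samples: MSS, NOP, NOP, SACK-permitted; then four NOPs and an
 * option of kind 99 whose length byte is 0xFC (-4 when read as signed char). */
static const unsigned char well_formed[] = { 2, 4, 0x05, 0xb4, 1, 1, 4, 2 };
static const unsigned char malformed[]   = { 1, 1, 1, 1, 99, 0xFC };

/* Flawed walker: bytes are signed, so a length >= 0x80 moves the index backwards. */
int find_option_signed(const signed char *opt, int optlen, int wanted)
{
    int i = 0, steps = 0;
    while (i < optlen) {
        if (++steps > MAX_STEPS) return OPT_STUCK;  /* would never terminate */
        if (opt[i] == wanted) return OPT_FOUND;
        if (opt[i] < 2) i++;                        /* EOL/NOP: one byte */
        else i += opt[i + 1] ? opt[i + 1] : 1;      /* signed, unchecked length */
    }
    return OPT_ABSENT;
}

/* Hardened walker: unsigned bytes; length must be >= 2 and fit in what is left. */
int find_option_checked(const unsigned char *opt, size_t optlen, unsigned wanted)
{
    size_t i = 0;
    while (i < optlen) {
        if (opt[i] == wanted) return OPT_FOUND;
        if (opt[i] < 2) { i++; continue; }          /* EOL/NOP: one byte */
        if (optlen - i < 2) return OPT_MALFORMED;   /* no room for a length byte */
        size_t len = opt[i + 1];
        if (len < 2 || len > optlen - i) return OPT_MALFORMED;
        i += len;                                   /* always advances by >= 2 */
    }
    return OPT_ABSENT;
}

int main(void)
{
    printf("signed,  well-formed: %d\n", find_option_signed((const signed char *)well_formed, 8, 4));
    printf("signed,  malformed:   %d\n", find_option_signed((const signed char *)malformed, 6, 8));
    printf("checked, well-formed: %d\n", find_option_checked(well_formed, sizeof well_formed, 4));
    printf("checked, malformed:   %d\n", find_option_checked(malformed, sizeof malformed, 8));
    return 0;
}
```

Both walkers agree on the well-formed options; only the checked one rejects the malformed length, because its index can only move forward and stay inside the buffer.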