Re: Public disclosure of discovered vulnerabilities

From: Hank Oredson (horedson_at_earthlink.net)
Date: 06/07/05


Date: Tue, 07 Jun 2005 15:43:20 GMT


"David Wagner" <daw@taverner.cs.berkeley.edu> wrote in message
news:d83olr$t78$3@agate.berkeley.edu...
> John E. Hadstate wrote:
>>"David Wagner" <daw@taverner.cs.berkeley.edu> wrote:
>>> heap exploits,
>>> return-into-libc buffer overruns, GOT table overruns, NOP
>>> landing pads, [...]
>>> format string vulnerabilities, integer overflow
>>> vulnerabilities, double-free vulnerabilities, [...]
>>
>>I don't know what "people" understood, but I experimented
>>with, experienced and understood all of them more than 20
>>years ago.
>
> I confess I'm pretty surprised to see you write that. Do you really mean
> what you wrote? If so, I'm stunned and truly impressed. What can I say?
> I guess you were a decade or more ahead of the rest of us.
>
> I've followed the state of the art in buffer overrun exploitation.
> I remembered when many of these new methods were first discovered
> and revealed to the public, and they were not obvious at the time.
> I remember the bugtraq posts and exploit code that first revealed most

Oh my.
Did you know there was computing before bugtraq?
Are you aware that there were bugs (and exploits!) prior to it?
You are talking about NEW stuff, we are talking about OLD stuff.
OLD as in 40 years ago. The early 60s. For some odd reason
nobody posted those to bugtraq ...

> of these methods. I am quite certain that it was a lot more recently
> than 20 years ago: if I can remember when they were first discovered,
> that was certainly less than 20 years ago.

Utter nonsense. Or better: "Not even wrong."

> (Actually, NOP landing pads might be very old -- I don't know about
> that one. But I think the other buffer overrun methods are quite recent.
> There was a time when most people thought that stack overruns were pretty
> much the only kind of overrun worth worrying about.)
>
> Likewise, the discovery that double-free bugs and format string bugs
> could be exploited to take over your machine was quite recent -- in the
> past decade.
>
> If you were fully aware of these attack techniques 20 years ago, well,
> gee, you were lightyears ahead of what was publicly known at the time.
> I can tell you that there was no public knowledge of this stuff 20
> years ago. I can tell you that there was no understanding of this in
> the security community 20 years ago. If anyone knew of all these attack
> methods 20 years ago, they weren't talking. I wish we'd known about
> this 20 years ago...
>
> Do I need to dig up citations to the first known public description
> of these attacks, to convince you that this wasn't known to the public
> community 20 years ago? I'm a bit reluctant to go to the work, but I'll
> give it a try if you really want.

-- 
  ... Hank
http://home.earthlink.net/~horedson
http://home.earthlink.net/~w0rli 

