|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Analyze binary for holes
Date: Wed Jul 30 2003 - 19:18:48 EDT
The most effective way is to debug the executables, and look for vulnerable
function calls.
Check that it does (or does not) check for boundaries for potential buffer
overflows.
Check that the writer has not ignored and directly accessed rewritable
memory space, instead of using format strings when dealing with strings etc.
SUID roots et al, gives a way for a vulnerable program to be exploited for privilege escalation, it does NOT mean the program IS vulnerable, although it could be.
HTH, kind regards
- Original Message ----- From: "Peter Bondra" <olafandjasper@hushmail.com> To: <vuln-dev@securityfocus.com> Sent: Wednesday, July 30, 2003 2:20 AM Subject: Analyze binary for holes
The platforms I am testing are: SunOs Solaris 2.7/8/9(SPARC) and Windows NT/2000/XP.
This is my process, maybe you could direct and fill in the massive blanks:
UNIX:
In the unix world my first step is to list out the SUID-root files.
My next step is to identify which files have potential vulnerabilities.
On the Unix side I have used strings, but what does that tell me about.
I have seen a few mallocs, callocs, and things that look like a format
string for a printf... But not sure what to do next...SO I was thinking
of brute forcing the binary command line args and/or environmental vars
to see if I can dump core..
Can you identify potential format string vulnerabilities from binary? Can you identify potential buffer overflow vulns. from binary?
WINDOWS:
I have no idea how to recognize a vulnerable program in the Windows
word.Is there anything like SUID-roor, etc??
Thanks Received on Thu Jul 31 12:15:13 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |