lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 13 Jun 2008 11:27:41 -0700
From: "Michael Wojcik" <Michael.Wojcik@...roFocus.com>
To: <bugtraq@...urityfocus.com>
Cc: <Jon.Kibler@...t.com>
Subject: RE: AS/400 Vulnerabilities

> From: Jon Kibler [mailto:Jon.Kibler@...t.com] 
> Sent: Thursday, 12 June, 2008 14:54
> To: bugtraq@...urityfocus.com
> 
>   2) Are the boxes really just unstable to malformed network 
> data, but not exploitable?

Exploiting data-handling vulnerabilities (as opposed to design
vulnerabilities, like missing access checks) is difficult on the AS/400
(aka iSeries, and various other names), because it's a capability
architecture. Attacks like stack overflows don't apply to the '400 the
way they do to more common virtual-address-space systems.

Of course that doesn't mean that they're not exploitable, just that the
exploits will take different forms. (In most cases - processes running
in the PASE enviroment are an exception, though I couldn't say just what
access you might get by breaking one.)

I think it's an area that's definitely worth investigation, but few
researchers (whatever their hat color) seem to have done much with
capability architectures in general or the '400 in particular. And it
doesn't look like many are motivated to acquire the necessary knowledge
to do so.

That is a bit of a shame, as capability architectures are interesting in
themselves, and have interesting security implications, and the '400 has
shown that they're commercially viable. Intel's early effort at a
capability architecture (the 432) died because it couldn't compete on
performance, but the long life of the '400 suggests that perhaps the
time is right to try again.

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ