| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lists at www.ngsec.com (lists@...EC) Subject: NGSEC's response to Idefense overflow protections whitepaper. (PART II) Mr Johnson, We have made available a paper conatining several (unpublished by iDefense's paper) tests agains PAX-like solutions in WIN32. Only tests not deep information on how this products works. Grab it at: [264 KB] http://www.ngsec.com/docs/whitepapers/NGSEC-Windows_overflow_protection_comparison.pdf With this paper will try be more accurate than Idefense's one in their windows testing. We will also try to clarify some reader mis-interpretations such as StackDefender not protecting .data sections in avtp.c testbed (see log below). If we succeed with our purposes is up to the reader. We encourage the readers to perform these tests (NGSEC sd_tester.c and Idefense avtp.c) and get their own conclusions. Not just reading states and claims from both parties as they may be in-accurated. Mr Johnson, we respect your wish to defend your company reputation too. But disclosing PRIVATE mails, partial contents on your INTERESTED parts is definetively not the way and a very bad idea. We could disclose some too for the readers but it is against our policy. NGSEC is no longer feeding this threat. Reader make your own conclusions. Best regards, --- LOG of StackDefender protection .data [Thu Aug 12 16:41:27 2004] ATTACK: Shellcode Execution Attempt from "avtp.exe" at 0x00408A91 Memory Dump: [0x00408A91] 0x5A 0x59 0x8B 0xD0 0xE8 0x7D 0xFF 0xFF [0x00408A99] 0xFF 0xB8 0x01 0x63 0x6D 0x64 0xC1 0xF8 [0x00408AA1] 0x08 0x50 0x89 0x65 0x34 0x33 0xC0 0x66 [0x00408AA9] 0xB8 0x90 0x01 0x2B 0xE0 0x54 0x83 0xC0 [0x00408AB1] 0x72 0x50 0xFF 0x55 0x24 0x33 0xC0 0x50 [0x00408AB9] 0x50 0x50 0x50 0x40 0x50 0x40 0x50 0xFF [0x00408AC1] 0x55 0x14 0x8B 0xF0 0x33 0xC0 0x33 0xDB [0x00408AC9] 0x50 0x50 0x50 0xB8 0x02 0x01 0x11 0x5C [0x00408AD1] 0xFE 0xCC 0x50 0x8B 0xC4 0xB3 0x10 0x53 [0x00408AD9] 0x50 0x56 0xFF 0x55 0x18 0x53 0x56 0xFF [0x00408AE1] 0x55 0x1C 0x53 0x8B 0xD4 0x2B 0xE3 0x8B [0x00408AE9] 0xCC 0x52 0x51 0x56 0xFF 0x55 0x20 0x8B [0x00408AF1] 0xF0 0x33 0xC9 0xB1 0x54 0x2B 0xE1 0x8B [0x00408AF9] 0xFC 0x57 0x33 0xC0 0xF3 0xAA 0x5F 0xC6 [0x00408B01] 0x07 0x44 0xFE 0x47 0x2D 0x57 0x8B 0xC6 [...] --- NEXT GENERATION SECURITY, S.L. [NGSEC] C\ O'donnell 46, 3º B 28009 - Madrid, SPAIN Tel: +34 91 435 56 27 Fax: +34 91 577 84 45 http://www.ngsec.com
Powered by blists - more mailing lists