lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Mar 27 02:29:45 2006
From: dinis at ddplus.net (Dinis Cruz)
Subject: Buffer OverFlow in ILASM and ILDASM

Hello, just in case you haven't seen this one...

Last year I found a Buffer Overflow in Microsoft's .Net SDK ILDASM tool
which I reported privately to MSRC and eventually (after Microsoft's
response) publicly to the (low profile) Owasp-dotnet mailing list.

I was waiting for Microsoft to publicly post something about this
(although they are not going to fix it in the near future, they should
at least make their customers aware of the issue), but since they don't
seem willing to do it, here is a copy of the email I sent to the
Owasp-dotnet mailing list on 14th December 2005:

/"I just posted to this forum (Owasp .Net <http://www.owasp.net/forums/>
? Forums <http://owasp.net/forums/default.aspx?ForumGroupID=4> ? .Net
Security <http://owasp.net/forums/5/ShowForum.aspx>) a series of posts
that existed in a private forum of www.owasp.net (used for issues like
this (i.e. we want the information to be shared amongst selected
Owasp.Net users but don't want it to be publicly disclosed (yet))) about
a vulnerability that me and Kerem discovered on ILASM and ILDASM:
/

    * /To MSRC: Buffer OverFlow in ILASM and ILDASM
      <http://www.owasp.net/forums/257/ShowPost.aspx> - The entire email
      conversation with MSRC (secure@...rosoft.com) going from the
      initial response to the final answer where they will not threat
      this as a vulnerability and will not issue a security advisory for
      it (the solution will be included in the next Service Pack)
      /
    * /Buffer Overflow in ILASM
      <http://www.owasp.net/forums/222/ShowPost.aspx> - original email
      containing my first thoughts/
    * /ILDASM Exception Creator
      <http://www.owasp.net/forums/234/ShowPost.aspx>- little tool
      created by Kerem to create .Net assemblies that crash ILDASM
      /
    * / ILDAM vulnerability ShellCode development
      <http://owasp.net/forums/252/ShowPost.aspx>
      <http://owasp.net/forums/252/ShowPost.aspx>- more code snippets
      and comments (now related to trying to inject a shellcode into the
      vulnerable process)/

/The bottom line is that this is a real issue in 1.1 and 1.0 (2.0 seems
to mitigate them), Microsoft has acknowledge the problem but will not
release a patch any time soon.

So be careful when you ILDASM something.

I also think that this issue needs further research since when we were
testing the Overflows we were finding them in several places in ILASM
and ILDASM (which means that there are probably many more variations
still to be discovered/mapped)
/
/Dinis Cruz
Owasp .Net Project Leader
www.owasp.net "/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060327/d7c57e5c/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ