[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FFDDD47.9090208@corest.com>
Date: Thu, 08 Jan 2004 19:44:23 -0300
From: Ivan Arce <ivan.arce@...est.com>
To: "Lachniet, Mark" <mlachniet@...uoianet.com>
Cc: bugtraq <bugtraq@...urityfocus.com>, pen-test@...urityfocus.com
Subject: Re: Openssl proof of concept code?
Lachniet, Mark wrote:
> ...
>
> Is anyone aware of a reasonable way for an analyst to definitively
> demonstrate if the vulnerabilities exist in a particular product? Since
> some of the bugs deal with bad client certificates, some might be as
> easy as getting a copy of a "bad" client certificate and connecting to
> the server using a program such as stunnel, but I have yet to see
> anything about this. Alternately, has anyone written a good program to
> remotely identify what SSL codebase is in use, other than looking for it
> in HTTP server headers? Nessus' ssltest.nasl can allegedly distinguish
> between a openssl and MS CryptoAPI or Novell, but this isn't really
> enough in my opinion. If conventional tools (i.e. Nessus and other
> scanners) can't really fingerprint it, how might one go a little further
> and determine this from a "black box" perspective? I understand that
> with a good deal of development time and effort, this can probably be
> done, but this is probably not realistic for most organizations to do on
> their own.
Here is were the usefulness of exploit code is demostrated.
The best way to determine if a system is vulnerable to a given vulnerability
is to actually try to exploit it. If you had a reliable exploit for the bug
you wouldnt care that much about putting a great effort into identifying
the specific codebase and version of the SSL implementation you are
testing.
Writing a good-enough vulnerability check without explotation is sometimes
as hard or even harder than writing a working exploit.
And while we are at this. Has anybody done any research on the possibility
of stack overflows due to infinite recursion on windows or linux systems?
-ivan
---
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@...esecurity.com
www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
---------------------------------------------------------------------------
----------------------------------------------------------------------------
Powered by blists - more mailing lists