lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20041217232802.GB23717@melina11.ds11.agh.edu.pl>
Date: Sat, 18 Dec 2004 00:28:02 +0100
From: Marcin Owsiany <marcin@...iany.pl>
To: bugtraq@...urityfocus.com
Subject: Re: DJB's students release 44 *nix software vulnerability advisories


On Fri, Dec 17, 2004 at 01:16:44PM +0100, cees-bart wrote:
> Most of the 44 posted "security" advisories are about software bugs with 
> a very low security risk. See for example the posted bug on NASM 
> (http://tigger.uic.edu/~jlongs2/holes/nasm.txt): what's the chance of an 
> evil asm file being sent to an ignorant user that calls nasm to compile 
> this file?

You are right, that this is very low risk.

> And this nasm bug is then called a "remotely exploitable 
> security hole".

Obviously it is not. I don't think it is even locally exploitable.

> If I mail out a shell script that does "rm -rf $HOME/*", 
> this can also be considered a remotely exploitable security hole.

The difference between nasm executing arbitrary code and a shell script
causing a shell to execute "rm -rf $HOME/*" is that the first IS NOT
meant to do that, and the second IS meant to do that. So let's not
compare those two.

Actually while the bug in nasm is very low risk, it is such bugs that
make it difficult to build new software using other software as building
blocks - you would need to audit and fix nasm before you could use it in
an web-to-assembler-gateway :-)

regards,

Marcin
-- 
Marcin Owsiany <marcin@...iany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ