lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87irvx87vf.fsf@mid.deneb.enyo.de>
Date: Sun Oct 16 22:34:39 2005
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Re: [Dailydave] Exploiting Windows Device Drivers
	Whitepaper

* Piotr Bania:

> For those who are interrested, the paper can be downloaded from:
> http://pb.specialised.info/all/articles/ewdd.pdf

| Device driver vulnerabilities are increasingly becoming a major
| threat to the security of Windows and other operating systems. It is
| a relatively new area [...]

Which "other systems" are you talking about?  The most obvious choices
have been plagued for years by vulnerabilities in device drivers, file
systems, and other fringe areas.

I've looked at some of the recent Linux CVEs, and there are about five
for driver code, six for driver infrastructure code, and 25 for other
stuff (a lot of network-related things, but also some 32/64
interoperability stuff, but not really driver-related).  As far as I
can remember, the ration has been the same for quite some time now, so
the real problem you are talking about seems to be "poorly written
3rd-party ring 0 code on Windows".  However, I'm sure that this is a
worthwhile area for investigation. 8-P

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ