SBDA âsame bug, different appâ - Security Assessment

More documents

Recommendations

Info

The Long Filename SBDA • Oct 12, 2004 Group Converter Buffer Overflow Vulnerability [buffer].grp – Buffer overflow in program group converter • Still… After All This Time Why have these vulnerabilities not all been discovered • FileNameSizer Tool Creates files with a filename of the maximum allowed length and all extensions from aaa through to zzz [250*x].aaa, [250*x].aab, … , [250*x].zzy, [250*x].zzz Loads all files in the default application • The Windows 2000 Findings [buffer].cda - Buffer overflow in winamp [buffer].cap - Buffer overflow in MS Network Monitor [buffer].nms - Buffer overflow in Numega Symbol Loader [buffer].nrg - Buffer overflow in Nero CD Burner Copyright Security-Assessment.com 2005
The Long Value SBDA • Length Values Used In Allocation Or Copying Graphic size parameters Size of data blocks Size of text string • Common Mistakes Buffer is allocated the size of length, text is copied till null Buffer is allocated based on length, text is copied length bytes Buffer is preallocated, text is copied length bytes • FileLengther Tool Searches files for text strings that has a corresponding length in the byte/word before hand - [length][text string] • Some Findings .xls - Excel 2000 (MS04-033) .chm - htmlHelp (MS04-023) Copyright Security-Assessment.com 2005
Page 1 and 2: SBDA “same bug, different app”
Page 3 and 4: SBDA - What It’s Not • Not The
Page 5 and 6: SBDA - The Conception • I Wanted
Page 7 and 8: How Can This Be Applied To Research
Page 9 and 10: The SBDA Advantage • Gives Resear
Page 11 and 12: The AV / Archive SBDA (in reverse)
Page 13 and 14: Packet vs File • Both Are Data Bo
Page 15 and 16: Some Common Test Methods • Fuzzin
Page 17: SDBA Theory In Practice • Some Ex
Page 21 and 22: The Long Import SBDA • Jan, 2005
Page 23 and 24: The URL Handler SBDA • Mar 09, 20
Page 25 and 26: SBDA To The Test • Quick File Bas
Page 27 and 28: 2 nd Generation Vulnerabilities •
Page 29 and 30: Wrap Up • Same Bug, Different App

SBDA âsame bug, different appâ - Security Assessment

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

SBDA âsame bug, different appâ - Security Assessment