Fuzz By Number

More documents

Recommendations

Info

FTP Bug 4 (Cont.)Generation based fuzzers got this oneMutation based did not - never began a path with a ‘~’
SNMP Bug #4int snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length){…data = asn_parse_sequence(data, length, &type, (ASN_SEQUENCE | ASN_CONSTRUCTOR),"varbinds");if (data == NULL)return -1;...while ((int) *length > 0) {…switch ((short) vp->type) {…case ASN_OCTET_STR:case ASN_IPADDRESS:case ASN_OPAQUE:case ASN_NSAP:if (vp->val_len < sizeof(vp->buf)) {vp->val.string = (u_char *) vp->buf;} else {vp->val.string = (u_char *) malloc(200);if (vp->val_len > 200){BUGREPORT(4);}}…asn_parse_string(var_val, &len, &vp->type, vp->val.string,&vp->val_len);break;
Page 1 and 2: Fuzz By NumberMore Data About Fuzzi
Page 3 and 4: AgendaFuzzing, why we careHow do yo
Page 5 and 6: Generating Test CasesMutation-based
Page 7 and 8: Fuzzing LifecycleIdentifying interf
Page 9 and 10: Retrospective TestingTime period is
Page 11 and 12: Simulated VulnerabilityDiscoveryExp
Page 13 and 14: Code Coverage AnalysisInstrument th
Page 15 and 16: Our TestingThree network protocolsT
Page 17 and 18: Introducing The FuzzersGeneral Purp
Page 19 and 20: TaofOpen source, mutation basedGUI
Page 21 and 22: Mu-4000Commercial fuzzer from Mu Se
Page 23 and 24: eSTORMCommercial, generation based
Page 25 and 26: What’s Missing?What about SPIKE,
Page 27 and 28: The Bugs17 bugs added to each appli
Page 29 and 30: Results!
Page 31 and 32: FTP - Summary% bugs found % code co
Page 33 and 34: SNMP Summary% bugs found % code cov
Page 35 and 36: DNS Summary% Bugs found % Code cove
Page 37 and 38: FTP OdditiesBugs 9, 12, and 13 were
Page 39 and 40: FTP Bug 16MODRET core_eprt(cmd_rec
Page 41: FTP Bug 4char *dir_canonical_path(p
Page 45 and 46: GeneralConclusions
Page 47 and 48: Generation Based ApproachMost Effec
Page 49 and 50: Protocol Knowledge Is Good% SNMP bu
Page 51 and 52: More Code Coverage...
Page 53 and 54: Statistics Says “Yes”Dep Var: B
Page 55 and 56: A Real BugAll this fuzzing with dif
Page 57 and 58: Special Thanks To:Commercial fuzzer

Fuzz By Number

Create successful ePaper yourself

Delete template?

Save as template?