Dailydave mailing list archives
Re: Concurrency, deadlocks, security and unicode.
From: "Steven M. Christey" <coley () mitre org>
Date: Sun, 27 Nov 2005 16:42:52 -0500 (EST)
Dave Aitel said:
I expect people to discover that you can manipulate the state machines that drive many web applications in weird ways using concurrency flaws. Has anyone on this list found this to be true yet?
Not at the level of complexity you're talking about with respect to threading, but there are a few dozen publicly reported vulnerabilities that involve out-of-order or asynchronous operations between 2 distinct processes, e.g.:

- sending a PASS command before USER in an FTP session
- interrupting an asynchronous data transfer operation. This is found fairly frequently by Luigi Auriemma in his analysis of video games (as a shout-out to him, he's the only one who seems to be doing this kind of analysis regularly).
- CVE-2005-3847 is a recent Linux kernel example where you cause a deadlock by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

One of these days maybe there will be a fad/trend for doing this kind of analysis, e.g. when file format fuzzing stops being so easy? :)

Execution fuzzing is an intriguing concept...

- Steve
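The FTP "PASS before USER" case above comes down to a command handler that does not encode its expected ordering explicitly. The following is an added illustration, not code from the thread or from any real FTP server: a minimal session handler whose legal commands per state are listed in one table, so an out-of-order command gets a 503 reply instead of being acted on. The credential table and command set are constructed for the example.

```python
from enum import Enum, auto


class State(Enum):
    NEED_USER = auto()
    NEED_PASS = auto()
    LOGGED_IN = auto()


# Which commands are legal in each state. Anything not listed for the current
# state is a bad sequence, which is exactly the "PASS before USER" class.
ALLOWED = {
    State.NEED_USER: {"USER"},
    State.NEED_PASS: {"PASS"},
    State.LOGGED_IN: {"RETR", "QUIT"},
}


class Session:
    def __init__(self, users):
        self.users = users            # constructed table: username -> password
        self.state = State.NEED_USER
        self.pending_user = None

    def handle(self, line):
        """Process one command line and return the reply string."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd not in ALLOWED[self.state]:
            return "503 Bad sequence of commands"
        if cmd == "USER":
            self.pending_user = arg
            self.state = State.NEED_PASS
            return "331 Password required"
        if cmd == "PASS":
            if self.users.get(self.pending_user) == arg:
                self.state = State.LOGGED_IN
                return "230 Login successful"
            # On failure, restart the handshake rather than leaving a half
            # state that a second PASS could complete.
            self.state = State.NEED_USER
            self.pending_user = None
            return "530 Login incorrect"
        if cmd == "RETR":
            return "150 Opening data connection"
        return "221 Goodbye"


def run(lines, users):
    """Feed a whole command sequence through one session; return all replies."""
    session = Session(users)
    return [session.handle(line) for line in lines]
```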