funsec mailing list archives

Re: I'm so excited, I just can't hide it.......


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 18 Apr 2008 09:34:20 -0400

Help me out here, should I be "shocked" or "horrified" when I write it
up?

 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

 

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Richard M. Smith
Sent: Friday, April 18, 2008 8:29 AM
To: funsec () linuxbox org
Subject: [funsec] I'm so excited, I just can't hide it.......

When I see a null pointer bug in an application, I question how well the
application has been vetted for more dangerous security vulnerabilities.
OTOH, many vendors pooh-pooh null pointer bugs, because they don't allow
remote code execution.  Perhaps it is time for vendors to take these
errors more seriously?

 

Richard

NULL Pointer Exploit Excites Researchers
<http://tech.slashdot.org/tech/08/04/18/0436232.shtml>  


Posted by Soulskill on Friday April 18, @05:18AM
from the ruh-roh-shaggy dept. 


Da Massive writes "Mark Dowd's paper "Application-Specific Attacks:
Leveraging the ActionScript Virtual Machine" has alarmed researchers
<http://www.cio.com.au/index.php/id;342968942> . It points out
techniques that promise to open up a class of exploits and vulnerability
research previously thought to be prohibitively difficult. Already, the
small but growing group of Information Security experts who have had the
chance to read and digest the contents of the paper are expressing an
excited concern depending on how they are interpreting it. While the
Flash vulnerability described in the paper
<http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf> [PDF]
has been patched by Adobe, the presentation of a reliable exploit for
NULL pointer dereferencing has the researchers who have read the paper
fascinated. Thomas Ptacek has an explanation of Dowd's work
<http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/> ,
and Nathan McFeters at ZDNet is 'stunned by the
technical details <http://blogs.zdnet.com/security/?p=1030> .'"


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
