![pen-test logo](/images/pen-test-logo.png)
Penetration Testing mailing list archives
Re: Openssl proof of concept code?
From: Ivan Arce <ivan.arce () corest com>
Date: Thu, 08 Jan 2004 19:44:23 -0300
Lachniet, Mark wrote:
... Is anyone aware of a reasonable way for an analyst to definitively demonstrate if the vulnerabilities exist in a particular product? Since some of the bugs deal with bad client certificates, some might be as easy as getting a copy of a "bad" client certificate and connecting to the server using a program such as stunnel, but I have yet to see anything about this. Alternately, has anyone written a good program to remotely identify what SSL codebase is in use, other than looking for it in HTTP server headers? Nessus' ssltest.nasl can allegedly distinguish between a openssl and MS CryptoAPI or Novell, but this isn't really enough in my opinion. If conventional tools (i.e. Nessus and other scanners) can't really fingerprint it, how might one go a little further and determine this from a "black box" perspective? I understand that with a good deal of development time and effort, this can probably be done, but this is probably not realistic for most organizations to do on their own.
Here is were the usefulness of exploit code is demostrated.The best way to determine if a system is vulnerable to a given vulnerability is to actually try to exploit it. If you had a reliable exploit for the bug
you wouldnt care that much about putting a great effort into identifying the specific codebase and version of the SSL implementation you are testing.Writing a good-enough vulnerability check without explotation is sometimes as hard or even harder than writing a working exploit.
And while we are at this. Has anybody done any research on the possibility of stack overflows due to infinite recursion on windows or linux systems? -ivan --- Ivan Arce CTO CORE SECURITY TECHNOLOGIES 46 Farnsworth Street Boston, MA 02210 Ph: 617-399-6980 Fax: 617-399-6987 ivan.arce () coresecurity com www.coresecurity.com PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Openssl proof of concept code? Lachniet, Mark (Jan 08)
- Re: Openssl proof of concept code? Bram Matthys (Syzop) (Jan 09)
- Re: Openssl proof of concept code? Ivan Arce (Jan 09)
- Re: [Full-Disclosure] Openssl proof of concept code? John Lampe (Jan 09)
- <Possible follow-ups>
- Re: Openssl proof of concept code? David Kennedy CISSP (Jan 09)