Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Lynn / Cisco shellcode

From: "Andrew R. Reiter" <arr () watson org>
Date: Thu, 28 Jul 2005 03:57:21 -0400 (EDT)

On Wed, 27 Jul 2005 dan () geer org wrote:

:
:Surely someone on this list has something
:to say about the Lynn / Cisco shellcode
:item...
:
:--dan

In all honesty, most of the stuff is not new, in my opinion.  The big 
thing of interest, to me, was that he was able to "put it all together."  
Like, the idea of overwriting heap management pointers/values is not a new 
idea, but how he figured out about the idle process that does process heap 
pointer "validation" _WAS_ interesting to me.  That was the key, for me, 
in realizing what was really needed to go from "hrm... there's a bug, but 
I can't get things to work" to realizing "ah, there's something there that 
does another check, so we need to do more work to deal with getting around 
it."

The talk, I felt, was mediocre soley b/c of the hype re: lawsuits... and 
the played out nature of the "so sue me" joke.  I did enjoy it however and 
I think Cisco is way overreacting (as is ISS).  I also feel that BlackHat 
(Inc?) is extremely lame with regards to how they handled the situation... 
VERY LAME.  What about the Checkpoint vulnerabilities from humble, song, 
et al... a few years ago?  Where was the law suits?

So, I say "Good work, Mike."

Cheers,
Andrew

--
Andrew R. Reiter
arr () watson org
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: