Information Security News mailing list archives

Meet the future of Windows security exploits


From: InfoSec News <isn () c4i org>
Date: Thu, 29 Nov 2001 01:57:27 -0600 (CST)

http://www.theregister.co.uk/content/55/23075.html

By John Leyden
Posted: 28/11/2001 at 14:26 GMT

Buffer overflow bugs, for years the most prevalent type of security
vulnerability, will become a thing of the past as crackers realise the
potential of different ways of exploiting Windows machines.

Sloppy programming practices (the root cause of buffer overflow
vulnerabilities) give rise to security bugs where arbitrary and
malicious code can be injected into a system, through a carefully
crafted malformed data entry.

Generally, this spurious input is much longer than a program expects,
causing the input to overflow the buffer and spill into parts of memory
where it may subsequently be executed. The technique has been
successfully used against both Unix and NT machines on numerous occasions.
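As an added illustration, not code from the article or from Flake's talk, the C below contrasts the unchecked copy pattern the paragraph describes with a bounded version that refuses oversized input and reports the rejection so it can be logged. The struct session layout, the one-byte length-prefixed wire format and every input value are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size record a login handler fills from network input
   (constructed layout, not from the article). */
#define USER_LEN 16

struct session {
    char user[USER_LEN];
    bool is_admin;   /* sits right after the buffer: an overrun lands here */
};

/* The sloppy pattern the article describes: the input length is never
   compared with the buffer, so anything longer than USER_LEN - 1 bytes runs
   past `user` into the neighbouring field (and, for a stack buffer, into
   saved registers and the return address). Shown for reference only. */
void set_user_unchecked(struct session *s, const char *input)
{
    strcpy(s->user, input);   /* no bound: this is the defect */
}

/* Bounded version: scan at most USER_LEN bytes for the terminator, reject
   input that does not fit instead of truncating silently, and leave the
   record untouched on rejection. Returns true when the name was stored. */
bool set_user_checked(struct session *s, const char *input)
{
    const char *nul = memchr(input, '\0', USER_LEN);
    if (nul == NULL) {   /* no terminator within the buffer size: too long */
        fprintf(stderr, "rejected username: exceeds %d bytes\n", USER_LEN - 1);
        return false;
    }
    size_t n = (size_t)(nul - input);
    memcpy(s->user, input, n + 1);   /* n < USER_LEN, so the NUL fits */
    return true;
}

/* Same discipline for a heap buffer: a length taken from the wire drives the
   copy, so it is checked against the bytes actually received before any
   allocation or memcpy. Constructed format: one length byte, then payload.
   Returns a malloc'd NUL-terminated copy, or NULL on bad input. */
char *copy_payload(const unsigned char *wire, size_t wire_len)
{
    if (wire_len < 1)
        return NULL;
    size_t claimed = wire[0];
    if (claimed > wire_len - 1) {   /* declared length exceeds what arrived */
        fprintf(stderr, "rejected payload: declared %zu bytes, have %zu\n",
                claimed, wire_len - 1);
        return NULL;
    }
    char *buf = malloc(claimed + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, wire + 1, claimed);
    buf[claimed] = '\0';
    return buf;
}

int main(void)
{
    struct session s = { .is_admin = false };
    /* Constructed inputs: one that fits, one that would spill into is_admin. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* 24 bytes */
    printf("alice accepted: %d\n", set_user_checked(&s, ok));
    printf("long name accepted: %d, is_admin still %d\n",
           set_user_checked(&s, too_long), s.is_admin);

    const unsigned char wire_ok[] = { 3, 'f', 'o', 'o' };
    const unsigned char wire_bad[] = { 200, 'x' };   /* claims 200, carries 1 */
    char *p = copy_payload(wire_ok, sizeof wire_ok);
    printf("payload: %s\n", p ? p : "(rejected)");
    free(p);
    p = copy_payload(wire_bad, sizeof wire_bad);
    printf("bad payload: %s\n", p ? p : "(rejected)");
    free(p);
    return 0;
}
```

The design point is that the check happens against the receiving buffer's size, not against whatever the sender claims, and that a rejection is a reportable event rather than a silent truncation: the log line is what gives a defender a signal that someone is probing the handler with oversized input.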

Halvar Flake, "Reverse Engineer" at Black Hat Consulting, said such
standard stack-smashing overflows are getting rarer in well-audited
code, so crackers will turn to fresh ways of executing arbitrary code.

During a well received presentation at last week's Black Hat
conference in Amsterdam, Flake showed how heap overflow attacks could
be used to write more or less arbitrary data to more or less arbitrary
locations. He described these as Third Generation Exploits on NT/Win2k
Platforms, something explained in greater detail here, and although he
told us it's a term he invented himself, we're happy to go along with
it since we liked the cut of his jib.

Such third generation exploits mean it is possible to subvert the
logic of a Windows app by modifying its variables.

He also outlined future cracker strategies involving creating a large
number of threads in a multithreaded environment, which make an
exploit "80-90 per cent reliable and independent of NT/Win2000/XP
version, service pack and hot fix".

Heap overflow exploits, such as format string bugs and particularly
malloc()/free() manipulation, give attackers two powerful techniques.

Such tactics have been used, and documented, on *nix platforms and the
value of Flake's work is to highlight the risk of the exploitation of
the technique on NT/Win2k boxes.



-
ISN is currently hosted by Attrition.org
