Penetration Testing mailing list archives
Re: Penetration of HP/UX
From: AK <platsakos () gmail com>
Date: Sun, 19 Jun 2011 23:11:58 +0300
Hi all,

while I agree with the 2nd paragraph of the email Paul wrote, I believe that a small clarification should be made on the 1st paragraph. In x86, the NX bit can be emulated. Emulating the NX bit causes certain processors to fail to boot, although we are talking K6s/PentiumMMX era CPUs IIRC. Thus for all intents and purposes, NX-bit can be reliably emulated in modern x86 CPUs.

Regarding Michael's comment that "i still fail to understand how a buffer overflow would work on one architecture and fail on another. i am always baffled when i hear a certain vuln/exploit is only on x86 or x86_64.", I would also like to add the following:

When considering reliable exploitation of a certain bug, one should always also bear in mind that OS releases/distributions can vary wildly in exploitation countermeasures as well. Therefore, even within the confines of say x86, it is far from trivial to produce a reliable exploit for all an OS revision or across different distributions. So, not only every bug is a vuln in every platform but not every bug is a vuln across the lifetime of an OS.

On 06/19/2011 03:09 PM, Paul Melson wrote:
> On Jun 19, 2011, at 12:59 AM, michael getachew <michaelhoustong () yahoo com> wrote:
>
>> also, I get how the shellcodes and all that has to be different but i still fail to understand how a buffer overflow would work on one architecture and fail on another. i am always baffled when i hear a certain vuln/exploit is only on x86 or x86_64. I'm sure there is an explanation to this i just don't know it yet so please enlighten me on this subject.
>
> There are lots of reasons this can be true. An obvious one is the availability of the NX bit in CPUs. X86_64 and others (SPARC, PPC, IA64) support noexec stacks as an instruction bit to the CPU core. Whereas x86 CPUs like P3 and earlier do not. Therefore, simple buffer overflows are highly reliable on older x86 systems because OS features like Windows DEP don't work.
>
> Other issues with arch-specific exploitation include differences in registers, instruction size, and stack layout. These create nuances in the exploitability of a vulnerability - like the need for an overflowable buffer to also be in a nested function on Solaris/SPARC in order to be exploitable. Overall I wouldn't say any 1 modern architecture is significantly less exploitable than the others, but not every bug is a vuln on every platform.
>
> PaulM
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------

--
What is the air-speed velocity of an unladen swallow?