Re: Penetration of HP/UX

[AK <platsakos () gmail com>]

Hi all,

while I agree with the 2nd paragraph of the email Paul wrote, I believe
that a small clarification should be made on the 1st paragraph. In x86,
the NX bit can be emulated. Emulating the NX bit causes certain
processors to fail to boot, although we are talking K6s/PentiumMMX era
CPUs IIRC. Thus for all intents and purposes, NX-bit can be reliably
emulated in modern x86 CPUs.

Regarding Michael's comment that " i still fail to understand how a
buffer overflow would work on one architecture and fail on another.i am
always baffled when i hear a  certain vuln/exploit is only on x86 or
x86_64.", I would also like to add the following: When considering
reliable exploitation of a certain bug, one should always also bear in
mind that OS releases/distributions can vary wildly in exploitation
countermeasures as well. Therefore, even within the confines of say x86,
it is far from trivial to produce a reliable exploit for all an OS
revision or across different distributions. So, not only every bug is a
vuln in every platform but not every bug is a vuln across the lifetime
of an OS.

On 06/19/2011 03:09 PM, Paul Melson wrote:
> On Jun 19, 2011, at 12:59 AM, michael getachew <michaelhoustong () yahoo com> wrote:
> > also,I get how the shellcodes and all that has to be different but i still fail to understand how a buffer overflow 
> > would work on one architecture and fail on another.i am always baffled when i hear a  certain vuln/exploit is only 
> > on x86 or x86_64. I'm sure there is an explanation to this i just don't know it yet so please enlighten me on the 
> > this subject.
> There are lots of reasons this can be true.  An obvious one is the availability of the NX bit in CPUs.  X86_64 and 
> others (SPARC, PPC, IA64), support noexec stacks as an instruction bit to the CPU core.  Whereas x86 CPUs like P3 and 
> earlier do not.  Therefore, simple buffer overflows are highly reliable on older x86 systems because OS features like 
> Windows DEP don't work.
>
> Other issues with arch-specific exploitation include differences in registers, instruction size, and stack layout.  
> These create nuances in the exploitability of a vulnerability - like the need for an overflowable buffer to also be 
> in a nested function on Solaris/SPARC in order to be exploitable.  Overall I wouldn't say any 1 modern architecture 
> is significantly less exploitable than the others, but not every bug is a vuln on every platform.
>
> PaulM
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

-- 
What is the air-speed velocity of an unladen swallow? 


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------