Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Seeking PROTOS tool details

From: Jim Duncan <jnduncan () cisco com>
Date: Thu, 14 Feb 2002 18:15:18 -0500
Joshua Wright writes:

Has anyone performed a rudimentary (or other) analysis of the PROTOS tool
and it's capabilities?  It seems there is quite a bit of uncertainty
floating around about the vulnerabilities it exploits.  Any analysis
comments are welcome.


Direct effects: boundary overruns and unexpected data values.  Indirect 
effects: memory leaks, etc., and other failures due to saturation, 
queue overruns, and so forth.

Details are available in the documentation on the OUSPG web site (if
it's not there already, it will be soon).  If you want to know what's in
the packets, just extract the test cases from the jar files and hexdump
them.  Those _are_ the PDUs themselves -- you can use netcat to send
them to the device under test -- so everything you want to know about
53,000 test cases is already there to be examined.  Have fun. :-)

For the record, the specific tests that expose vulnerabilities vary 
by vendor, product, version, and so forth.  I don't recall any 
particular tests that were obvious showstoppers every time.

Hope this helps.

        Jim



==
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
http://www.cisco.com/warp/public/707/sec_incident_response.shtml
E-mail: jnduncan () cisco com  Phone(Direct/FAX): +1 919 392 6209
Previous By Date Next
Previous By Thread Next

Current thread: