Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Hack Exploits Common Programming Error

Posted by ScuttleMonkey on from the gibson-unavailable-for-comment dept.

buzzardsbay writes "TechTarget's security editor, Dennis Fisher is reporting that researchers at Watchfire Inc. have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. According to the article, the researchers stumbled upon the method for remotely exploiting dangling pointers by chance while they were running the company's AppScan software against a Web server. The good folks at Watchfire will detail the technique in a presentation at the Black Hat Briefings in Las Vegas in August, Fisher writes."

3 of 255 comments (clear)

  1. Re:That's nice and everything but.... by Wavicle · · Score: 5, Insightful

    Presumably what they have here is a dangling pointer to a function, which they can get IIS to then call. They state that this used to be a "denial of service" attack - meaning that if IIS attempted the call before, it would execute garbage and cause a runtime fault. Now, however, they can change the value of the dangling pointer and when IIS does the jump this time, it executes their exploit code instead.

    --
    Education is a better safeguard of liberty than a standing army.
    Edward Everett (1794 - 1865)
  2. Re:More push toward VM's by 19thNervousBreakdown · · Score: 5, Insightful

    Garbage collected languages is no solution to poor programming. If you can't remember to not call a function pointer that you just freed, you'll probably forget to close /etc/passwd before dropping privs, or something equally stupid.

    --
    <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
  3. Re:Why are we still dealing with this? by PetriBORG · · Score: 5, Insightful

    I dunno. I manage to write C++ and never overflow a buffer, always release all resources when I'm done with them, and never throw away an error. Why can't the other 95% of the programmers out there do the same thing?

    They are busy being yelled at by their boss to "just make it work" and to "not worry about getting it perfect" and they are dealing the idiot "build master" over in change-management who doesn't know what "make clean" is or how to read a make file, but thinks that he's some master csh hacker... Everyone wants that just not everyone works in a perfect world.

    Shit, most of us are just happy when we are able to beat clear requirements out of people and get reasonable bug reports.

    --
    Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde