[HGI-News] HGI-Seminar 19.12.2005
Newsletter of the Horst Görtz Institute
hgi-news at lists.ruhr-uni-bochum.de
Sun Dec 11 22:36:22 CET 2005
========================================================================
Thomas Dullien
Ruhr-Universität Bochum
Monday, 19.12.2005, 13:15, room IC 4/30
Attacks on uninitialized local variables
Abstract:
Buffer overflows have been abused to compromise software systems for the
better part of the last 25 years. In recent years, many partial solutions
to curb their effect (stack canaries, frontlink/backlink verification for
heap implementations, reordering of local variables) have been proposed
and implemented in most popular compilers and operating systems. What is
commonly overlooked is that the 'general' problem is the ability of
attackers to trigger behaviour that is 'undefined' by the ANSI C99
standard, not the (relatively small) subclass of 'buffer overflow'. Other
'undefined' situations can be abused to compromise software systems.

This presentation focuses on access to uninitialized local variables. A
common programming mistake is a situation where, under some exceptional
conditions, a local variable is not initialized prior to its first use.
As local variables are usually allocated on the stack, the memory thus
used is not zeroed and may contain values 'left over' from other parts of
the program. Most discussions of this topic imply that these values cannot
be controlled by an attacker in a meaningful manner, and thus that use of
uninitialized variables means no security risk beyond a denial of service
(e.g. an application crash). This talk proposes methods with which an
attacker can determine the set of functions in a program that access the
same memory range that will later on be re-used by the faulty function.
By constructing several specialized graphs from the disassembly of a
program, it is possible to determine the set of functions that might be
used to control the 'uninitialized' values.

A direct application where this method was used to compromise a
commercial VPN solution will be discussed, too.
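The mechanism the abstract describes, as an added example that is not part of the
announcement or the talk: a function that stores attacker-supplied bytes in a local
buffer and returns, a second function whose exceptional path skips initializing a
local in the same stack region, and the fixed variant. All function names are
invented for this example. Whether the leftover bytes actually reach the faulty
function depends on the compiler's frame layout, so the example measures that
outcome instead of assuming it; only the fixed variant is guaranteed to leak nothing.

```c
/* Added example: uninitialized-local bug, a preceding function that leaves
 * attacker-supplied bytes in the same stack region, and the fixed variant.
 * Function names are hypothetical. The number of attacker bytes that reach
 * the faulty function is compiler- and layout-dependent, so it is measured. */
#include <stdio.h>
#include <string.h>

#define SLOT 64

/* Hypothetical earlier request handler: copies attacker-supplied bytes into a
 * local buffer and returns. Nothing clears the buffer, so the bytes stay in the
 * now-dead stack frame. volatile keeps the compiler from dropping the stores. */
__attribute__((noinline))
static void handle_request(const char *payload, size_t len)
{
    char scratch[SLOT];
    volatile char *p = scratch;
    if (len > SLOT)
        len = SLOT;
    for (size_t i = 0; i < len; i++)
        p[i] = payload[i];
}

/* Vulnerable pattern: only the normal path initializes `name`; the exceptional
 * path (no configuration available) falls through and uses it anyway. The
 * volatile pointer forces real loads from the stack slot. */
__attribute__((noinline))
static void lookup_name_vulnerable(int have_config, char out[SLOT])
{
    char name[SLOT];
    volatile char *p = name;
    if (have_config)
        strcpy(name, "default");
    for (size_t i = 0; i < SLOT; i++)   /* reads uninitialized memory when !have_config */
        out[i] = p[i];
}

/* Fixed pattern: initialize on every path, so the exceptional path yields an
 * empty string instead of whatever the previous caller left behind. */
__attribute__((noinline))
static void lookup_name_fixed(int have_config, char out[SLOT])
{
    char name[SLOT] = {0};
    if (have_config)
        strcpy(name, "default");
    memcpy(out, name, SLOT);
}

/* Runs the attacker's sequence (shape the stack contents via handle_request,
 * then trigger the exceptional path) and counts how many attacker bytes the
 * uninitialized local exposed. Any value from 0 to SLOT is possible for the
 * vulnerable variant; the fixed variant always returns 0. */
int leaked_attacker_bytes(int use_fixed)
{
    char payload[SLOT];
    char out[SLOT];
    memset(payload, 'A', SLOT);          /* constructed attacker-controlled input */
    handle_request(payload, SLOT);
    if (use_fixed)
        lookup_name_fixed(0, out);
    else
        lookup_name_vulnerable(0, out);
    int leaked = 0;
    for (size_t i = 0; i < SLOT; i++)
        if (out[i] == 'A')
            leaked++;
    return leaked;
}

/* Both variants behave identically on the normal (initialized) path. */
int normal_path_ok(void)
{
    char a[SLOT], b[SLOT];
    lookup_name_vulnerable(1, a);
    lookup_name_fixed(1, b);
    return strcmp(a, "default") == 0 && strcmp(b, "default") == 0;
}

int main(void)
{
    printf("vulnerable: %d of %d bytes attacker-controlled\n",
           leaked_attacker_bytes(0), SLOT);
    printf("fixed:      %d of %d bytes attacker-controlled\n",
           leaked_attacker_bytes(1), SLOT);
    printf("normal path ok: %d\n", normal_path_ok());
    return 0;
}
```

The count printed for the vulnerable variant is the practical question the talk
addresses: it is only non-zero when the earlier callee's frame overlaps the faulty
function's slot, which is exactly what the disassembly-derived graphs are meant to
determine for a real binary rather than by trial.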
========================================================================
Organisation:
Prof. Dr. Roberto Avanzi
Faculty of Mathematics
Ruhr-University Bochum
44780 Bochum, Germany
URL: http://www.cits.rub.de
http://www.rub.de/hgi
_______________________________________________
HGI-News mailing list
Information at:
http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news
More information about the Hgi-News-Deutschland mailing list