- Posted on
- Clark L. Coleman
February 13, 2007, 5:45 pm
Searching through security bulletins, you see many reports of buffer
overflow vulnerabilities, perhaps 10-15% that many format string
vulnerabilities, even fewer integer overflow and/or signedness
vulnerabilities, and even fewer double-free vulnerabilities.
These are all reported by security firms that were reviewing code, or
random open source code reviewers. What I am wondering is: Have there
actually been successful exploits of the more exotic vulnerabilities
(e.g. integer overflow or double-free), as opposed to just reports of
In both my teaching and research I would like to comment on whether
anyone's system has ever really been damaged by an attacker using such
an exploit, as opposed to proof-of-concept reports.
Thanks for any pointers.
University of Virginia
- Sebastian Gottschalk
February 14, 2007, 12:48 am
- Ertugrul Soeylemez
February 14, 2007, 1:23 am
Re: Have real exploits of arithmetic overflows happened?
Probably a lot of them have been exploited actively, but not necessarily
against large networks or well-known hosts (Google, Amazon, eBay, ...).
I can't imagine that the TCP options bug in the Linux Netfilter wasn't
exploited somewhere in the wild. It was a signedness bug, which could
be exploited to drop the kernel into an endless loop.
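The signedness-bug-to-endless-loop failure mode Ertugrul describes, as an added illustration that is not code from this thread or from the Linux kernel: a constructed TCP-options-style TLV walker that stores the length byte in a signed char, beside a checked version that bounds every step. The option buffers and the function names are constructed samples, not the actual Netfilter code or its inputs.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample option buffers in TCP-options style (kind, length, data).
 * OPTS_OK: kind 3 len 3, then kind 2 len 4, then END (0).
 * OPTS_ZERO_LEN: second option carries length 0, which is malformed.
 * OPTS_BACKWARD: second option carries length 0xFD, -3 when read as signed. */
static const uint8_t OPTS_OK[]       = { 3, 3, 7, 2, 4, 0x05, 0xB4, 0 };
static const uint8_t OPTS_ZERO_LEN[] = { 3, 3, 7, 8, 0x00, 0, 0, 0 };
static const uint8_t OPTS_BACKWARD[] = { 3, 3, 7, 8, 0xFD, 0, 0, 0 };

/* Vulnerable walker: the length byte lands in a signed char. A length of 0
 * makes no progress and a length >= 0x80 moves the cursor backwards, so the
 * loop never reaches END. max_iters exists only so this demo terminates;
 * the function returns how many options were "walked" before the cap. */
int walk_options_signed(const uint8_t *opt, size_t len, int max_iters) {
    int i = 0, n = 0;
    while (i >= 0 && (size_t)i + 1 < len && n < max_iters) {
        uint8_t kind = opt[i];
        if (kind == 0) break;                 /* END of option list */
        if (kind == 1) { i++; continue; }     /* NOP, one byte */
        signed char optlen = (signed char)opt[i + 1]; /* BUG: signed length */
        i += optlen;                          /* 0 stalls, negative rewinds */
        n++;
    }
    return n;
}

/* Checked walker: unsigned length, minimum 2, and the option must fit in the
 * bytes that remain, so every iteration advances by at least 2 and the loop
 * is bounded by len. Returns the option count, or -1 on malformed input. */
int walk_options_checked(const uint8_t *opt, size_t len) {
    size_t i = 0;
    int n = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == 0) break;
        if (kind == 1) { i++; continue; }
        if (i + 1 >= len) return -1;          /* length byte missing */
        unsigned optlen = opt[i + 1];
        if (optlen < 2 || optlen > len - i) return -1;
        i += optlen;
        n++;
    }
    return n;
}
```

On the two malformed buffers the signed walker only stops because of the demo cap, while the checked walker rejects them on the first bad length byte; on the well-formed buffer both count two options.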