[Info-vax] [OT] Software wears out, was: Re: VMS Software Inc. OpenVMS 8.4-1H1 Boots on i4 System

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Mar 20 17:23:55 EDT 2015


On 2015-03-20, Bob Koehler <koehler at eisner.nospam.decuserve.org> wrote:
> In article <mehmek$q9o$1 at dont-email.me>, Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>> 
>> If you only have binary images which are no longer supported, then how
>> do you get the vulnerability fixed so you can resume normal production
>> operations ?
>
>    Can you write Hello World in such a way that it has vulnerabilities?
>

Yes:

=========================================================================
/*
 * This is a _vulnerable_ version of hello world.
 *
 * Anyone reading this must _NOT_ use the following in any code; its
 * purpose is to demonstrate that even Hello World can be vulnerable.
 */

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
	{
	if(argc != 2)
		{
		printf("Error: you must specify the output string\n");
		exit(4);
		}
	printf(argv[1]);
	return(0);
	}
=========================================================================

Output (SL 5.x machine):

[simon@[deleted] ~]$ ./vulnerable_hello_world "Hello World%n%s%n"
Segmentation fault

Before you say no-one would ever use such a construct for real, ISTR
there was some kind of format string vulnerability in one of the
finger clients as exposed during the Great VMS Defcon 16 Fracas
of 2008.

IIRC, it was never confirmed in public what the problem was with the
finger client source code in question however.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
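
For contrast with the program in the message above, an added example (not part of the original post) of the hardened form: the argument is only ever passed as data to a constant format. The names render_untrusted and count_directives are hypothetical, and the directive scan is a simplified audit aid, not a full printf parser.

```c
#include <stdio.h>
#include <string.h>

/* Hardened form of printf(argv[1]): the untrusted text is data for a
 * constant "%s" format, so "%n" and "%s" inside it are copied literally. */
int render_untrusted(char *out, size_t outlen, const char *untrusted)
	{
	return snprintf(out, outlen, "%s", untrusted);
	}

/* Audit helper (hypothetical): count the conversion specifications that
 * printf() would have acted on had s been used as the format. "%%" is a
 * literal percent sign. *writes receives the number of "%n" directives. */
int count_directives(const char *s, int *writes)
	{
	int count = 0;
	*writes = 0;
	while(*s != '\0')
		{
		if(*s++ != '%')
			continue;
		if(*s == '%')
			{
			s++;
			continue;
			}
		/* Skip flags, width, precision and length modifiers. */
		s += strspn(s, "-+ #0123456789.*hlLqjzt");
		if(*s == '\0')
			break;
		count++;
		if(*s == 'n')
			(*writes)++;
		s++;
		}
	return count;
	}

int main(int argc, char *argv[])
	{
	int writes;
	if(argc != 2)
		return 4;
	if(count_directives(argv[1], &writes) > 0)
		fprintf(stderr, "note: input has directives (%d x %%n)\n", writes);
	puts(argv[1]);		/* data only, never a format string */
	return 0;
	}
```

Building the original with -Wformat-security (gcc or clang) reports the printf(argv[1]) call at compile time.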