[Info-vax] DCL crashing bug update
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Jul 25 11:05:10 EDT 2017
On 2017-07-25 01:46:31 +0000, Simon Clubley said:
> On the plus side, I can't think of a way to turn this into a security
> vulnerability because it isn't what I originally thought it was. On the
> minus side, it turns out that Unix isn't the only operating system with
> an in-band null character (ie: 0x00) problem. :-)
This is also an example of multiple disjoint parser implementations
processing related data, and of problems that arise when a parser fails
when reading untrusted data. In the present and likely future
environment, more than a little data is untrusted. This includes
files, whole volumes, network connections, and suchlike. Similar
disjoint parser implementations have nailed other platforms. As have
problems in parsing routines presented with data that wasn't quite
entirely as was expected.
Crashes are always interesting, whether as an attacker or as a defender.
Whether this local denial-of-service case is exploitable? Donno.
Probable worst case here would be a local privilege escalation, and
that seems somewhat unlikely.
--
Pure Personal Opinion | HoffmanLabs LLC
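The "disjoint parser" point above is the general shape of an in-band NUL problem: one parser carries an explicit length for a field while another treats the same bytes as a NUL-terminated string, and the two disagree the moment a 0x00 appears inside the field. The following C is an added illustration and not code from this post, from DCL, or from OpenVMS; the sample field, its contents, and all function names are constructed for the example and do not describe the bug under discussion.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Two views of the same bytes:
 *  - a counted view, as a record or file parser holds it (explicit length);
 *  - a NUL-terminated view, as strlen()/strcpy()-style routines see it.
 * An embedded 0x00 makes the two views disagree about where the data ends.
 */

/* Constructed sample: a counted name field with an in-band NUL (hypothetical data). */
static const unsigned char sample_field[] = {
    'S', 'Y', 'S', '$', 'L', 'O', 'G', 'I', 'N', 0x00, '.', 'C', 'O', 'M'
};
static const size_t sample_field_len = sizeof(sample_field);

/* Parser A: counted field, trusts the explicit length it was handed. */
size_t counted_length(const unsigned char *buf, size_t len)
{
    (void)buf;
    return len;
}

/* Parser B: NUL-terminated view, stops at the first 0x00 (bounded by len). */
size_t cstring_length(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] != 0)
        i++;
    return i;
}

/* Nonzero when the two parsers disagree, i.e. the field carries an in-band NUL. */
int has_parser_differential(const unsigned char *buf, size_t len)
{
    return counted_length(buf, len) != cstring_length(buf, len);
}

/*
 * Hardened check for code that must hand a counted field to a NUL-terminated
 * API: reject the field up front if the two views would differ.
 * Returns 0 to accept, -1 to reject.
 */
int validate_field(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return -1;
    if (memchr(buf, 0, len) != NULL)   /* in-band NUL: views would disagree */
        return -1;
    return 0;
}

int main(void)
{
    printf("counted view : %zu bytes\n", counted_length(sample_field, sample_field_len));
    printf("C-string view: %zu bytes\n", cstring_length(sample_field, sample_field_len));
    printf("differential : %s\n",
           has_parser_differential(sample_field, sample_field_len) ? "yes" : "no");
    printf("validate     : %s\n",
           validate_field(sample_field, sample_field_len) == 0 ? "accept" : "reject");
    return 0;
}
```

The check in validate_field is the one a practitioner would want at the boundary: decide once, using the counted view, whether the bytes are safe for every downstream routine that will see them as a C string, rather than letting each consumer discover the disagreement on its own.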