January 25th, 2005, 12:09 PM
buffer overflow vulnerability detection
I see that many products (chat clients, browsers, what not?) are prone to buffer overflow attacks.
I also see that some hacker finds the buffer overflow vulnerability and publishes a program to programmatically do that.
Now, my question is how do hackers detect such buffer overflow vulnerabilities?
January 25th, 2005, 12:17 PM
1. Open Source applications
-> see the source code, look for strcpy, malloc etc. which may be vulnerable (let grep guide you on your lofty quest). Be warned, not all calls may lead to compromise.
-> Source code auditing tools, RATS/ITS4 and others.
2. Closed Source Applications
-> Black box testing, send malformed data and analyze the responses.
-> using automated tools, SPIKE, bfbtester.
-> Your intuitions, understanding the application from the developer's point of view and guessing where things may have been wrongly placed by the developer.
-> Disassemblers, debuggers, understanding the ASM and finding flaws. (Halvar Flake's plugins may be a help.)
guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
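As an added example (not part of the thread above), here is a small Python version of the grep/RATS-style source audit from point 1: it scans C source for calls to unbounded string functions while ignoring comments and string literals, so a mention of strcpy in a comment is not reported. The function list and the sample C file are constructed for this illustration.

```python
"""Grep-style audit of C source for calls to unbounded string functions."""
import re

# Functions that source auditors such as RATS/ITS4 flag (constructed list, not theirs).
UNSAFE_CALLS = {
    "gets":    "reads unbounded input; use fgets with sizeof(buf)",
    "strcpy":  "no destination bound; use strlcpy/snprintf",
    "strcat":  "no destination bound; use strlcat/snprintf",
    "sprintf": "no destination bound; use snprintf",
}
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(UNSAFE_CALLS))
# Comments and string literals are blanked out (newlines kept) so line numbers
# survive and a mention of strcpy in a comment or a printf format is not reported.
NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)

def blank_noise(src):
    return NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def audit(src):
    """Return (line_no, function, reason) for each candidate call, in source order.
    A hit is a review item, not a proven bug: a human still has to check whether
    the copy is bounded (as with the guarded strcpy in the sample below)."""
    findings = []
    for n, line in enumerate(blank_noise(src).splitlines(), 1):
        for m in CALL_RE.finditer(line):
            findings.append((n, m.group(1), UNSAFE_CALLS[m.group(1)]))
    return findings

# Constructed sample: a length-checked strcpy, an unguarded gets, and decoys in
# a comment and a string literal that must not be reported.
SAMPLE_C = r"""#include <stdio.h>
#include <string.h>

/* strcpy() named in a comment: must not be reported */
void greet(const char *name) {
    char buf[64];
    if (strlen(name) >= sizeof buf) return;  /* bound checked */
    strcpy(buf, name);
    printf("strcpy(%s) done\n", buf);
}

void echo(void) {
    char line[128];
    gets(line);   // never bounded
    printf("%s\n", line);
}
"""

if __name__ == "__main__":
    for n, fn, why in audit(SAMPLE_C):
        print("line %d: %s() -- %s" % (n, fn, why))
```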