Division by zero exception
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Division by zero exception

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    2

    Division by zero exception

    I would like to know how a hacker can use a division by zero exception to get access to a (web) server and\or elevate his privileges and get root access.

  2. #2
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Its just an error thrown up when a program tries to divide non-positive numbers.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I would like to know how a hacker can use a division by zero exception to get access to a (web) server and\or elevate his privileges and get root access.
    Two words: "crappy programming"

    Mathematical conventions aside, division by zero will produce infinity as a result, and any attempt to calculate infinity will be an effective Denial of Service attack.

    Your question, as I see it, is really about exception handling in general, of which division by zero is just an example.

    Basically it is all about what the system does when it encounters an error. If it skips that instruction and goes on to process the next and subsequent instructions with system privileges, I think you can see where that could lead?

    And whilst I'm here.............welcome to AO

  4. #4
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Denial of Service attack.
    He isn't talking about executables. Web applications would just throw up response codes.

    If it skips that instruction and goes on to process the next and subsequent instructions with system privileges, I think you can see where that could lead?
    Um... a process is given a set of privileges the moment its run. Secondly, dividing by zero won't cause a program to call and jump random addresses.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    He isn't talking about executables. Web applications would just throw up response codes.
    Yes I found that somewhat confusing as well. Division by zero implies an executable. Like yourself, I would expect a web application to simply validate a field and produce a code............in this case an invalid character one......then wait for its correction or the timeout threshold if one is set.

    Off the top of my head I cannot envisage a situation where an attacker would know that a division calculation was going to take place, and be able to insert what should fundamentally be rejected as an invalid input.

    Um... a process is given a set of privileges the moment its run.
    Yes, in this case I am assuming that it is System, or it would not be possible to elevate privileges?

    Secondly, dividing by zero won't cause a program to call and jump random addresses.
    I wasn't thinking of random, but sequential, with the next instruction being malicious or flawed.

    I really don't see why this should be web-specific?

  6. #6
    Banned
    Join Date
    Jan 2008
    Posts
    605
    You mean "ret" which is at the end of almost every procedure that's ever been compiled? Or some type of elseif statement? For some reason I really don't see that as something malicious.
    Last edited by The-Spec; July 31st, 2009 at 05:31 PM.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I would imagine that the mishandling of the exception would have to permit the running of arbitrary code with the rights of current user. Personally I can't recall of an example that would apply to a web server, although I am no expert on web servers.

    It is the kind of thing I would normally associate with client based applications software being served with a specially crafted/malformed item.

    The standard MS comment goes something like: "An attacker that successfully exploited this vulnerability would be able to execute arbitrary code with the privileges of the current user."

  8. #8
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    Start Here (stolen from the interwebz)

    Code:
       1  // Fig. 13.1: DivideByZeroNoExceptionHandling.java
       2  // An application that attempts to divide by zero.
       3  import java.util.Scanner;
       4  
       5  public class DivideByZeroNoExceptionHandling
       6  {
       7     // demonstrates throwing an exception when a divide-by-zero occurs
       8     public static int quotient( int numerator, int denominator )
       9     {
      10        return numerator / denominator; // possible division by zero
      11     } // end method quotient
      12  
      13     public static void main( String args[] )
      14     {
      15        Scanner scanner = new Scanner( System.in ); // scanner for input
      16  
      17        System.out.print( "Please enter an integer numerator: " );
      18        int numerator = scanner.nextInt();
      19        System.out.print( "Please enter an integer denominator: " );
      20        int denominator = scanner.nextInt();
      21  
      22        int result = quotient( numerator, denominator );
      23        System.out.printf( 
      24           "\nResult: %d / %d = %d\n", numerator, denominator, result );
      25     } // end main
      26  } // end class DivideByZeroNoExceptionHandling
    Note, please DO NOT ATTEMPT if you are the Real Chuck Norris. (we really don't want to see what happens when you actually divide infinity)
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  9. #9
    Banned
    Join Date
    Jan 2008
    Posts
    605
    It is the kind of thing I would normally associate with client based applications software being served with a specially crafted/malformed item.

    The standard MS comment goes something like: "An attacker that successfully exploited this vulnerability would be able to execute arbitrary code with the privileges of the current user."
    So you truely are confusing this with buffer overflows? Seriously?!

  10. #10
    Junior Member
    Join Date
    Jul 2009
    Posts
    2
    My question should be more general - exceptions that a division by zero. I guess it was just an example. When an exception is thrown and application doesn't not catch it, the web server will throw the exception back to the user. It may contain sensitive information that can be used to exploit the server.

    I'm trying to figure out if there's a way for a hacker to use an unhanded exception for elevating his privileges and gain access to restricted pages.

Similar Threads

  1. Airsnort - Critical Exception Error
    By Critter in forum *nix Security Discussions
    Replies: 4
    Last Post: November 14th, 2003, 08:53 PM
  2. Division by Zero
    By Striek in forum Cosmos
    Replies: 16
    Last Post: October 17th, 2003, 01:23 AM
  3. win 98 fatal exception
    By jxrry59 in forum Newbie Security Questions
    Replies: 7
    Last Post: September 25th, 2003, 02:17 AM
  4. Division by Zero
    By neowarez in forum Site Feedback/Questions/Suggestions
    Replies: 11
    Last Post: March 7th, 2003, 07:48 AM
  5. COBOL Tutorial
    By hot_ice in forum Other Tutorials Forum
    Replies: 9
    Last Post: February 20th, 2002, 05:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •