
Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase
Copyright © 1997 Carnegie Mellon University

VU#14202: UNIX rlogin with stack buffer overflow triggered by long TERM environment variable
Reviewed: May 29, 1997
CERT is registered with the U.S. Trademark and Patent Office

Legal Requirements

The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is operated by Carnegie Mellon University for the Department of Defense. As such, the following conditions apply:

COPYRIGHTS
Software Engineering Institute authored documents are sponsored by the U.S. Department of Defense under Contract F C Carnegie Mellon University retains copyrights in all material produced under this contract. The U.S. Government retains a non-exclusive, royalty-free license to publish or reproduce these documents, or allow others to do so, for U.S. Government purposes only pursuant to the copyright license under the contract clause at

DISCLAIMER OF ENDORSEMENT
References in this document to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or the U.S. Government. The ideas and findings of authors expressed in any reports or other material should not be construed as an official Carnegie Mellon University or Department of Defense position and shall not be used for advertising or product endorsement purposes. Information contained in this document is published in the interest of scientific and technical information exchange.

DISCLAIMER OF LIABILITY
Any material furnished in this document by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

Security Policy

The following security policies cannot be implemented with this vulnerability present:

P1: No process shall perform any action on behalf of another less-privileged process without validation of authorization to perform the action.
P2: No process shall execute machine instructions that are provided by another process without validation of authorization to execute those instructions.

Impact

Any process on a system with privileges to spawn another process can force the spawned process to execute, with highest system privilege, a set of machine instructions provided by the spawning process.

Features

The vulnerability uses the following abstract features:

Configuration

The set of systems, S, that are vulnerable to this vulnerability is identified by:

Goal: Find all possible values for s.

Testing for Vulnerability

In many cases, it will not be possible to determine the interpretation of the stack buffer, b. However, one may choose to deduce that under specific conditions for a given system s there must be some entity in s that can be interpreted as the stack buffer, b. However, this may or may not actually be true.

Abstracting the Vulnerability

A whole class, C, of stack buffer overflow vulnerabilities is identified by:

Goal: Find the set, C, of 5-tuples of [s, e, p, q, m] such that there is a system s that allows execution from stack memory and allows users to set the environment variable e and has a program p that runs with privilege set q that uses some method m to perform an unbounded copy from e to a buffer b on the stack.
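
An added example, not part of the CERT slides: the unbounded copy from e to stack buffer b that defines the class, next to a bounded form that removes the method m from the tuple. The function names, the 64-byte buffer size and the return codes are assumptions; the slides name only strcpy and the TERM variable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_BUF 64  /* assumed size; the slides do not give the real buffer length */

/* The pattern the class describes: method m copies e into stack buffer b
 * with no bound. Kept for comparison only; nothing here calls it. */
void copy_unbounded(const char *e)
{
    char b[TERM_BUF];
    strcpy(b, e);                 /* writes past b when strlen(e) >= TERM_BUF */
    (void)b;
}

/* Corrected form: the length of e is checked against the destination first.
 * Returns 0 on success, -1 if e is unset (NULL), -2 if e does not fit,
 * -3 if the destination is unusable. */
int copy_bounded(const char *e, char *dst, size_t dstsz)
{
    size_t n;

    if (dst == NULL || dstsz == 0)
        return -3;
    dst[0] = '\0';                /* dst is always a valid string on return */
    if (e == NULL)
        return -1;
    n = strlen(e);
    if (n >= dstsz)
        return -2;                /* reject rather than truncate silently */
    memcpy(dst, e, n + 1);        /* n + 1 <= dstsz, includes the terminator */
    return 0;
}

int main(void)
{
    char b[TERM_BUF];
    char longval[4 * TERM_BUF];   /* constructed over-long TERM value */

    memset(longval, 'A', sizeof longval - 1);
    longval[sizeof longval - 1] = '\0';

    printf("TERM from environment: %d\n", copy_bounded(getenv("TERM"), b, sizeof b));
    printf("constructed long value: %d\n", copy_bounded(longval, b, sizeof b));
    return 0;
}
```

Rejecting an over-long value, rather than truncating it, keeps a privileged program from acting on a terminal name the user did not actually supply.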

Component Classes

Component

Feature Relations

[Figure: feature relations for VU#14202. Labels: setuid root; buffer on stack; unbounded strcpy; executable stack; settable env var. Legend: indicates that Ultrix 4.3A does not have the vulnerability.]

Vulnerability Class VU 14202