Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.

Published byJosie Petteway Modified over 10 years ago

Similar presentations

Presentation on theme: "Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack."— Presentation transcript:

1 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack buffer overflow triggered by long TERM environment variable Reviewed: May 29, 1997 Copyright © 1997 Carnegie Mellon University CERT is registered with the U.S. Trademark and Patent Office

2 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University Legal Requirements The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is operated by Carnegie Mellon University for the Department of Defense. As such, the following conditions apply: COPYRIGHTS Software Engineering Institute authored documents are sponsored by the U.S. Department of Defense under Contract F19628-95-C- 0003. Carnegie Mellon University retains copyrights in all material produced under this contract. The U.S. Government retains a non-exclusive, royalty-free license to publish or reproduce these documents, or allow others to do so, for U.S. Government purposes only pursuant to the copyright license under the contract clause at 52.227-7013. DISCLAIMER OF ENDORSEMENT References in this document to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or the U.S. Government. The ideas and findings of authors expressed in any reports or other material should not be construed as an official Carnegie Mellon University or Department of Defense position and shall not be used for advertising or product endorsement purposes. Information contained in this document is published in the interest of scientific and technical information exchange. DISCLAIMER OF LIABILITY Any material furnished in this document by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is” basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

3 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Security Policy The following security policies cannot be implemented with this vulnerability present: P 1 P 2 No process shall perform any action on behalf of another less-privileged process without validation of authorization to perform the action. No process shall execute machine instructions that are provided by another process without validation of authorization to execute those instructions.

4 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Impact Any process on a system with privileges to spawn another process can force the spawned process to execute with highest system privilege a set of machine instructions provided by the spawning process.

5 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Features The vulnerability uses the following abstract features:

6 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Configuration The set of systems, S, that are vulnerable to this vulnerability is identified by: Goal: Find all possible values for s.

7 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University Testing for Vulnerability In many cases, it will not be possible to determine the interpretation of the stack buffer, b.  However, one may choose to deduce that under specific conditions for a given system s there must be some entity in s that can be interpreted as the stack buffer, b.  However, this may or may not actually be true.

8 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University Abstracting the Vulnerability A whole class, C, of stack buffer overflow vulnerabilities is identified by: Goal: Find the set, C, of 5-tuples of [s, e, p, q, m] such that there is a system s that allows execution from stack memory and allows users to set the environment variable e and has a program p that runs with privilege set q that uses some method m to perform an unbounded copy from e to a buffer b on the stack.

9 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Component Classes

10 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Component

11 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Feature Relations setuid root buffer on stack unbounded strcpy VU 14202 executable stack setable env var Indicates that Ultrix 4.3A does not have the vulnerability

12 Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 Vulnerability Class VU 14202

Download ppt "Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack."

Similar presentations

© 2008 Oracle Corporation – Proprietary and Confidential.

© 2008 Oracle Corporation – Proprietary and Confidential.
Www.burnslev.com The Federal Technology Transfer Process: Licenses and Cooperative Research and Development Agreements ADVANCED LICENSING INSTITUTE AT.

The Federal Technology Transfer Process: Licenses and Cooperative Research and Development Agreements ADVANCED LICENSING INSTITUTE AT.
The following 10 questions test your knowledge of Internet-based client management in Configuration Manager 2007. Configuration Manager 2007 Internet-Based.

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
The following 10 questions test your knowledge of desired configuration management in Configuration Manager 2007. Configuration Manager Desired Configuration.

The following 10 questions test your knowledge of desired configuration management in Configuration Manager Configuration Manager Desired Configuration.
0 Overview of Bayh-Dole Act and Data Rights under the Federal Acquisition Regulation Milton Hsieh Office of Chief Counsel August 10, 2006.

0 Overview of Bayh-Dole Act and Data Rights under the Federal Acquisition Regulation Milton Hsieh Office of Chief Counsel August 10, 2006.
© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.

© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.
© 2014 Microsoft Corporation. All rights reserved.

© 2014 Microsoft Corporation. All rights reserved.
IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.

IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.
Concentrating Solar Deployment Systems (CSDS) A New Model for Estimating U.S. Concentrating Solar Power Market Potential Nate Blair, Walter Short, Mark.

Concentrating Solar Deployment Systems (CSDS) A New Model for Estimating U.S. Concentrating Solar Power Market Potential Nate Blair, Walter Short, Mark.
© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.

© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.
© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.

© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
Megan Houchin Safety Analysis Engineering Y-12 National Security Complex SAWG May 7 th, 2012.

Megan Houchin Safety Analysis Engineering Y-12 National Security Complex SAWG May 7 th, 2012.
Air Force Materiel Command I n t e g r i t y - S e r v i c e - E x c e l l e n c e Developing, Fielding, and Sustaining America’s Aerospace Force INTELLECTUAL.

Air Force Materiel Command I n t e g r i t y - S e r v i c e - E x c e l l e n c e Developing, Fielding, and Sustaining America’s Aerospace Force INTELLECTUAL.
CS 5150 1 CS 5150: Software Engineering Lecture 5 Legal Aspects of Software Engineering 1.

CS CS 5150: Software Engineering Lecture 5 Legal Aspects of Software Engineering 1.
Copyright and Alternatives to Copyright Why now? Rita S. Heimes Director, Technology Law Center University of Maine School of Law Rita S. Heimes Director,

Copyright and Alternatives to Copyright Why now? Rita S. Heimes Director, Technology Law Center University of Maine School of Law Rita S. Heimes Director,
© 2011 Carnegie Mellon University Should-Cost: A Use for Parametric Estimates Additional uses for estimation tools Presenters:Bob Ferguson (SEMA) Date:November.

© 2011 Carnegie Mellon University Should-Cost: A Use for Parametric Estimates Additional uses for estimation tools Presenters:Bob Ferguson (SEMA) Date:November.
Jul 2006 1The New Geant4 License J. Perl The New Geant4 License Makes clear the user’s wide- ranging freedom to use, extend or redistribute Geant4, even.

Jul The New Geant4 License J. Perl The New Geant4 License Makes clear the user’s wide- ranging freedom to use, extend or redistribute Geant4, even.
Software Protection & Scope of the Right holder Options for Developing Countries Presentation by: Dr. Ahmed El Saghir Judge at the Council of State Courts.

Software Protection & Scope of the Right holder Options for Developing Countries Presentation by: Dr. Ahmed El Saghir Judge at the Council of State Courts.
1 Copyright © 2012 Mahindra & Mahindra Ltd. All rights reserved. 1 Change Management – Process and Roles.

1 Copyright © 2012 Mahindra & Mahindra Ltd. All rights reserved. 1 Change Management – Process and Roles.

Similar presentations

Ads by Google