SecurityFocus

Penetration of HP/UX Jun 08 2011 07:30AM
Philipp Lachberger (ph_lachi yahoo de) (4 replies)

Re: Penetration of HP/UX Jun 13 2011 11:05AM
Marco Ivaldi (raptor mediaservice net) (1 replies)

Re: Penetration of HP/UX Jun 14 2011 07:26PM
Philipp Lachberger (ph_lachi yahoo de) (1 replies)

Re: Penetration of HP/UX Jun 15 2011 12:54AM
Paul Melson (pmelson gmail com)

Re: Penetration of HP/UX Jun 13 2011 12:01AM
Paul Melson (pmelson gmail com)

Re: Penetration of HP/UX Jun 12 2011 10:23PM
Nur Agus (nuragus linux gmail com) (1 replies)

Re: Penetration of HP/UX Jun 18 2011 09:58PM
Abuse 007 (abuse007 gmail com) (1 replies)

Re: Penetration of HP/UX Jun 19 2011 04:59AM
michael getachew (michaelhoustong yahoo com) (2 replies)

Re: Penetration of HP/UX Jun 19 2011 12:09PM
Paul Melson (pmelson gmail com) (2 replies)

Re: Penetration of HP/UX Jun 20 2011 02:21PM
Jan Muenther (jan muenther nruns com)

Paul's pointed out a lot of important aspects, but one thing to keep in
mind, too, are that it also depends on the platform whether a piece of
code actually compiles to a memory corruption condition or not. This is
particularly true with the more or less recent transition from 32 to 64
bit platforms, where such issues as pointer truncation kick in.

Just sayin'.

Cheers,
Jan
> On Jun 19, 2011, at 12:59 AM, michael getachew <michaelhoustong (at) yahoo (dot) com [email concealed]> wrote:
>> also,I get how the shellcodes and all that has to be different but i still fail to understand how a buffer overflow would work on one architecture and fail on another.i am always baffled when i hear a certain vuln/exploit is only on x86 or x86_64. I'm sure there is an explanation to this i just don't know it yet so please enlighten me on the this subject.
> There are lots of reasons this can be true. An obvious one is the availability of the NX bit in CPUs. X86_64 and others (SPARC, PPC, IA64), support noexec stacks as an instruction bit to the CPU core. Whereas x86 CPUs like P3 and earlier do not. Therefore, simple buffer overflows are highly reliable on older x86 systems because OS features like Windows DEP don't work.
>
> Other issues with arch-specific exploitation include differences in registers, instruction size, and stack layout. These create nuances in the exploitability of a vulnerability - like the need for an overflowable buffer to also be in a nested function on Solaris/SPARC in order to be exploitable. Overall I wouldn't say any 1 modern architecture is significantly less exploitable than the others, but not every bug is a vuln on every platform.
>
> PaulM
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

--
Jan Muenther

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]

Re: Penetration of HP/UX Jun 19 2011 08:11PM
AK (platsakos gmail com) (1 replies)

Re: Penetration of HP/UX Jun 19 2011 09:48PM
Paul Melson (pmelson gmail com)

Re: Penetration of HP/UX Jun 19 2011 07:34AM
Roland Kessler (rokessler gmx net) (1 replies)

Re: Penetration of HP/UX Jun 19 2011 02:49PM
michael getachew (michaelhoustong yahoo com)

Re: Penetration of HP/UX Jun 12 2011 09:21PM
AK (platsakos gmail com)