
1 VU#14202 UNIX rlogin with stack buffer overflow triggered by long TERM environment variable
Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase
Reviewed: May 29, 1997
Copyright © 1997 Carnegie Mellon University
CERT is registered with the U.S. Trademark and Patent Office

2 Legal Requirements
The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is operated by Carnegie Mellon University for the Department of Defense. As such, the following conditions apply:
COPYRIGHTS
Software Engineering Institute authored documents are sponsored by the U.S. Department of Defense under Contract F C. Carnegie Mellon University retains copyrights in all material produced under this contract. The U.S. Government retains a non-exclusive, royalty-free license to publish or reproduce these documents, or allow others to do so, for U.S. Government purposes only pursuant to the copyright license under the contract clause at
DISCLAIMER OF ENDORSEMENT
References in this document to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise do not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or the U.S. Government. The ideas and findings of authors expressed in any reports or other material should not be construed as an official Carnegie Mellon University or Department of Defense position and shall not be used for advertising or product endorsement purposes. Information contained in this document is published in the interest of scientific and technical information exchange.
DISCLAIMER OF LIABILITY
Any material furnished in this document by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied, as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity, or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

3 VU#14202 Security Policy
The following security policies cannot be implemented with this vulnerability present:
P1: No process shall perform any action on behalf of another less-privileged process without validation of authorization to perform the action.
P2: No process shall execute machine instructions that are provided by another process without validation of authorization to execute those instructions.

4 VU#14202 Impact
Any process on a system with privileges to spawn another process can force the spawned process to execute, with the highest system privilege, a set of machine instructions provided by the spawning process.

5 VU#14202 Features
The vulnerability uses the following abstract features (the ones the Feature Relations slide links to VU): setuid root, buffer on stack, unbounded strcpy, executable stack, setable env var.

6 VU#14202 Configuration
The set of systems, S, that are vulnerable to this vulnerability is identified by:
Goal: Find all possible values for s.

7 Testing for Vulnerability
In many cases it will not be possible to determine the interpretation of the stack buffer, b. One may instead deduce that, under specific conditions for a given system s, there must be some entity in s that can be interpreted as the stack buffer b; however, this deduction may or may not actually be true.

8 Abstracting the Vulnerability
A whole class, C, of stack buffer overflow vulnerabilities is identified by:
Goal: Find the set, C, of 5-tuples [s, e, p, q, m] such that there is a system s that allows execution from stack memory and allows users to set the environment variable e, and has a program p that runs with privilege set q and uses some method m to perform an unbounded copy from e to a buffer b on the stack.
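The pattern slide 8 abstracts as [s, e, p, q, m], shown as an added example that is not part of the CERT presentation and not rlogin's code: program p copies environment variable e (TERM) into a stack buffer b with an unbounded method m (strcpy), placed beside a bounded replacement, together with a probe helper of the kind a tester uses for the check slide 7 describes. The buffer size TERM_BUF_LEN and every function name here are assumptions for illustration; the page gives neither rlogin's actual buffer size nor its source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the stack buffer b. The slides do not give rlogin's
 * real buffer size, so this is a stand-in for illustration only. */
#define TERM_BUF_LEN 64

/* VULNERABLE form of the [s, e, p, q, m] pattern: an unbounded strcpy
 * of an attacker-chosen environment value into a fixed stack buffer.
 * A TERM value longer than b overwrites whatever follows b on the
 * stack. Shown for contrast only; main() calls it with a short value. */
static size_t parse_term_unbounded(const char *term)
{
    char b[TERM_BUF_LEN];
    strcpy(b, term);            /* method m: no bound on the copy */
    return strlen(b);
}

/* Hardened replacement: copy value into dst only if it fits, including
 * the terminating NUL. Returns 0 on success and -1 (leaving dst
 * untouched) when value is NULL or too long. Refusing rather than
 * silently truncating avoids turning one terminal name into another. */
int copy_env_bounded(const char *value, char *dst, size_t dstlen)
{
    size_t n = 0;

    if (value == NULL || dstlen == 0)
        return -1;
    /* Length-limited scan: never read more than dstlen bytes of value. */
    while (n < dstlen && value[n] != '\0')
        n++;
    if (n == dstlen)            /* no room left for the NUL terminator */
        return -1;
    memcpy(dst, value, n + 1);
    return 0;
}

/* Reads TERM from the real environment through the bounded copy. */
int read_term_safely(char *dst, size_t dstlen)
{
    return copy_env_bounded(getenv("TERM"), dst, dstlen);
}

/* Constructs the kind of value a tester exports as TERM when probing
 * for this class of bug: n bytes of 'A' followed by NUL. Caller frees. */
char *make_probe_value(size_t n)
{
    char *p = malloc(n + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'A', n);
    p[n] = '\0';
    return p;
}

/* Runs a probe of probe_len bytes against a buffer of buflen bytes using
 * the bounded copy. Returns 0 if it fits, -1 if it would have overflowed
 * (the unbounded form would have smashed the stack at that point). */
int probe_fits(size_t probe_len, size_t buflen)
{
    char *probe = make_probe_value(probe_len);
    char *buf = malloc(buflen);
    int rc;

    if (probe == NULL || buf == NULL) {
        free(probe);
        free(buf);
        return -1;
    }
    rc = copy_env_bounded(probe, buf, buflen);
    free(probe);
    free(buf);
    return rc;
}

int main(void)
{
    char dst[TERM_BUF_LEN];

    printf("unbounded copy of \"vt100\" -> %zu bytes\n",
           parse_term_unbounded("vt100"));
    printf("bounded copy of \"vt100\" -> %d\n",
           copy_env_bounded("vt100", dst, sizeof dst));
    printf("probe of 2000 bytes into %d-byte buffer -> %d\n",
           TERM_BUF_LEN, probe_fits(2000, TERM_BUF_LEN));
    printf("probe of 63 bytes -> %d, probe of 64 bytes -> %d\n",
           probe_fits(63, TERM_BUF_LEN), probe_fits(64, TERM_BUF_LEN));
    return 0;
}
```

The crash-probe for a real setuid program follows the same shape as probe_fits: export a TERM value far longer than any plausible buffer (a few thousand bytes of 'A'), run the program, and see whether it dies with a memory fault. With the bounded form in place the same value is simply refused, and the 63/64-byte cases show the off-by-one the NUL terminator introduces.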

9 VU#14202 Component Classes

10 VU#14202 Component

11 VU#14202 Feature Relations
(Diagram: the node VU is linked to the features setuid root, buffer on stack, unbounded strcpy, executable stack, and setable env var.)
Legend note: indicates that Ultrix 4.3A does not have the vulnerability.

12 VU#14202 Vulnerability Class VU 14202

