Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Buffer OverFlow in ILASM and ILDASM

from [Dinis Cruz] Network Security [Permanent Link]
Subject: [Full-disclosure] Buffer OverFlow in ILASM and ILDASM
Date: Mon, 27 Mar 2006 01:53:24 +0100 
Hello, just in case you haven't seen this one...

Last year I found a Buffer Overflow in Microsoft's .Net SDK ILDASM tool
which I reported privately to MSRC and eventually (after Microsoft's
response) publicly to the (low profile) Owasp-dotnet mailing list.

I was waiting for Microsoft to publicly post something about this
(although they are not going to fix it in the near future, they should
at least make their customers aware of the issue), but since they don't
seem willing to do it, here is a copy of the email I sent to the
Owasp-dotnet mailing list on 14th December 2005:

/"I just posted to this forum (Owasp .Net <http://www.owasp.net/forums/>
» Forums <http://owasp.net/forums/default.aspx?ForumGroupID=4> » .Net
Security <http://owasp.net/forums/5/ShowForum.aspx>) a series of posts
that existed in a private forum of www.owasp.net (used for issues like
this (i.e. we want the information to be shared amongst selected
Owasp.Net users but don't want it to be publicly disclosed (yet))) about
a vulnerability that me and Kerem discovered on ILASM and ILDASM:
/

    * /To MSRC: Buffer OverFlow in ILASM and ILDASM
      <http://www.owasp.net/forums/257/ShowPost.aspx> - The entire email
      conversation with MSRC (secure@microsoft.com) going from the
      initial response to the final answer where they will not threat
      this as a vulnerability and will not issue a security advisory for
      it (the solution will be included in the next Service Pack)
      /
    * /Buffer Overflow in ILASM
      <http://www.owasp.net/forums/222/ShowPost.aspx> - original email
      containing my first thoughts/
    * /ILDASM Exception Creator
      <http://www.owasp.net/forums/234/ShowPost.aspx>- little tool
      created by Kerem to create .Net assemblies that crash ILDASM
      /
    * / ILDAM vulnerability ShellCode development
      <http://owasp.net/forums/252/ShowPost.aspx>
      <http://owasp.net/forums/252/ShowPost.aspx>- more code snippets
      and comments (now related to trying to inject a shellcode into the
      vulnerable process)/

/The bottom line is that this is a real issue in 1.1 and 1.0 (2.0 seems
to mitigate them), Microsoft has acknowledge the problem but will not
release a patch any time soon.

So be careful when you ILDASM something.

I also think that this issue needs further research since when we were
testing the Overflows we were finding them in several places in ILASM
and ILDASM (which means that there are probably many more variations
still to be discovered/mapped)
/
/Dinis Cruz
Owasp .Net Project Leader
www.owasp.net "/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Offtopic: Guidelines for Safe Internet brownsing for minors, Kris Kahn
Next by Date:  [Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz
Previous by Thread:  [Full-disclosure] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Wall, Kevin
Next by Thread:  [Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz
Indexes:  [Date] [Thread] [Top] [All Lists]