[wellylug] Re: Microsoft FUD at work (Linux fud too?)

Ben Hawkes ben.hawkes at paradise.net.nz
Mon Jan 13 23:31:32 NZDT 2003


<snip>

>
> -------------------
> <snip etc etc>
>
> >> UNIX boxes are hacked / cracked / DOS'd each day than any other OS.
> >
> >Really? Could you support that?
>
> Working on it. Just sent an E-Mail re-requesting a paper I read
> recently.
>
> >Um, as I understand it, the "chunking" bug was not widely exploited at
> >all, dependent as it was on particular Apache builds on particular
> >hardware. And of course, it was disclosed, _before_ exploits were seen
> >in the wild.
>
> Grep bugtraq. The chunk handling issues were raised about a year
> before on the list. The apache developers discarded it, and it is
> known at least two underground groups had successfully exploited it
> long before it was rediscovered with the oracle research.

From memory, the only reason the chunked-encoding issue was exploitable at
all was because of the implementation of memcpy() used by BSD not handling
negative len values too well (negative len value's HSBs could be zero'd,
resulting in a large positive number), which in turn led to a stack
overflow - meaning that as far as we know (GOBBLES, of course, states
otherwise) this bug wasn't exploitable on Linux.

Linux/BSD semantics, I know. : D

'Underground' groups successfully exploit unknown bugs all the time. That's 
where their whole anti-full-disclosure argument really comes from.

>
> >> 2) If it's "0day" and public, chances are it's been known to private
> >> individuals for at least a year.
> >
> >That goes for any platform, surely?
>
> Yes. But I am sick and tired of people saying "another ms hack!
> hahaha". Yet certain linux bugs (ie, the latest wordwrap bug for php,
> which, apparently there is an exploit around for already - look out for
> 4.3.1 which has a fix) don't tend to get a lot of media / list / nntp /
> whatever-internet-medium-you wish-here-coverage.
>

Uhm. The wordwrap bug isn't limited to Linux - It's a bug in a PHP function,
not the actual module itself. PHP code utilising the function on windows may
also suffer from buffer overflows. It didn't receive much publicity because
it just isn't *that* much of a risk.

The bug in wordwrap is fixed in 4.3.0

Other than that, I sort of agree with you. However, in my opinion, a properly 
secured linux host (ie, grsec patched, ACLs) has just as much (maybe even 
more) hope of surviving on the net than a fully patched/secured/whatever'd 
Windows box.

ben ^
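
The signed-length pattern discussed in the reply above, as an added C example that is not part of the original post and is not Apache's or BSD's code: a chunk-size parser whose result goes negative and is then converted to `size_t`, next to a bounded form. `BUF_SIZE` and all function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

#define BUF_SIZE 512 /* constructed size of the destination buffer */

static uint32_t hexval(int c) /* caller guarantees c is a hex digit */
{
    return (uint32_t)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
}

/* Flawed pattern: digits accumulate with no overflow check and the
 * result is treated as signed, so "ffffffff" parses as -1. */
int32_t parse_len_unchecked(const char *s)
{
    uint32_t v = 0;
    for (; isxdigit((unsigned char)*s); s++)
        v = (v << 4) | hexval((unsigned char)*s);
    return (int32_t)v; /* wraps to negative on two's-complement targets */
}

/* Length a copy routine would receive after a signed "min" clamp. */
size_t copy_len_unchecked(const char *s)
{
    int32_t n = parse_len_unchecked(s);
    int32_t len = n < BUF_SIZE ? n : BUF_SIZE; /* -1 < 512, so -1 is kept */
    return (size_t)len;                        /* -1 becomes SIZE_MAX */
}

/* Hardened form: unsigned throughout, bounded before every shift,
 * whole string must be hex. Returns 0 and sets *out, or -1 on reject. */
int parse_len_checked(const char *s, size_t *out)
{
    uint32_t v = 0;
    if (!isxdigit((unsigned char)*s))
        return -1;
    for (; isxdigit((unsigned char)*s); s++) {
        if (v > BUF_SIZE)
            return -1; /* already too large; stop before it can wrap */
        v = (v << 4) | hexval((unsigned char)*s);
    }
    if (*s != '\0' || v > BUF_SIZE)
        return -1;
    *out = v;
    return 0;
}
```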
