I don't think the exploit is as basic as you seem to imply.
It does derive from the same programmer stupidity or ignorance as printf(char*) and buffer overflows in string operations, but while those are critical, well known, and rare in production code today, this error is still common.
This is because of wrong assumptions. You will be hard pressed to find a program where a function like fopen isn't checked for error return values, but malloc is likely to be left unchecked, especially if the code was initially written as a quick hack to get something working.
However, even if the malicious code is able to make an "infallible" function fail, there are many chances that this results at most in simply segfaulting the program. So this adds to the perceived safety of not checking a given function and makes this kind of exploit even more dangerous.
As I have understood from the article, the exploit relies on a.. excuse me, I hope it doesn't sound like an insult... on a stupid laziness. A simple check against NULL in a kind of malloc() operation. Is it that hard? I always thought that programmers who allocate the memory themselves (instead of using a library that offers protected allocations or at least lets the OS check for allocation errors) are responsible enough to check the result of the allocation.
char *foo = malloc(100ULL * 1024 * 1024 * 1024); /* 100 GB */
/* We don't need to check for NULL because everyone has enough RAM. */
some_operation(foo);
/* We're sure the operation succeeded */
:-)
And I think it's unacceptable that "Flash" seems to bypass means of memory protection provided by the OS. "Unimportant" stuff like "Flash", mostly just used as a video stream player, should not be allowed to break intended system borders in such a way.
I think so, too. But can you really complain about their moves when others make it that easy for them? (Yes, you can, at least I do.)
Whoa, I think it was a good idea not to use (install) any "Flash" over the years... :-)
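The allocation pattern the first comment describes and the joke snippet above pokes fun at, with the missing check in place. This is an example added here for illustration, not code from the thread or from Flash; the payload struct, MAX_PAYLOAD and the helper names are assumptions.

```c
/* Added example, not code from the thread: allocation that treats a NULL
 * from malloc as a real outcome. Payload format, limit and helpers assumed. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Length-prefixed data from an untrusted source (hypothetical format). */
struct payload { uint64_t len; const unsigned char *data; };

#define MAX_PAYLOAD (16u * 1024u * 1024u)   /* assumed policy limit: 16 MiB */

/* Bound the attacker-controlled size first, then treat NULL from malloc as
 * an error the caller must handle (fail closed) instead of a "can't happen";
 * the unchecked form in the comments above would memcpy through the NULL. */
unsigned char *copy_payload_checked(const struct payload *p)
{
    if (p->len > MAX_PAYLOAD)
        return NULL;                    /* refuse oversized requests */
    unsigned char *buf = malloc(p->len ? (size_t)p->len : 1);
    if (buf == NULL)
        return NULL;                    /* the "infallible" call failed */
    memcpy(buf, p->data, (size_t)p->len);
    return buf;
}

/* malloc really can return NULL: ask for more than the address space holds.
 * Returns 1 if the allocation failed, 0 if it succeeded. */
int malloc_fails_for(size_t n)
{
    void *p = malloc(n);
    free(p);                            /* free(NULL) is a no-op */
    return p == NULL;
}

/* Constructed sample data for the self-check below. */
static const unsigned char SAMPLE[4] = { 1, 2, 3, 4 };

/* Runs the checked copy on a SAMPLE payload of `len` bytes (len <= 4, or
 * anything over MAX_PAYLOAD): 1 = copied intact, 0 = rejected or failed. */
int checked_copy_result(uint64_t len)
{
    struct payload p = { len, SAMPLE };
    unsigned char *b = copy_payload_checked(&p);
    if (b == NULL)
        return 0;
    int good = memcmp(b, SAMPLE, (size_t)len) == 0;
    free(b);
    return good;
}
```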