In the quest to provide complete Attack Surface Coverage, we strive to identify patterns of abuse in protocols that we can replicate across other protocols and applications. We call them Vulnerability Patterns, because it abstracts the problem away from the programming language, the protocol or the one-off vulnerability in a particular version of a given product. It’s a powerful concept, especially if you can capture this pattern and apply it to every single place you see it. It’s no different from Design Patterns used in software engineering.
Over the next few blogs I’ll try and relate vulnerabilities on seemingly disparate protocols and see how there’s something fundamental about them. For each pattern, we’ll examine a set of published vulnerabilities and then talk about which other protocols have this pattern.
The two common patterns that people immediately identify with are buffer overflow and format-string. Obviously, when we are writing mutations, we want to overflow every part of the protocol and insert format strings in all the places that are likely to be written to a log file, etc. Are there others? Let’s start with TLV’s (Type/Length/Values).
This is a classic. Supposedly a protocol contains a list of TLV fields for [ahem] extensibility. The theory is that the parser for this protocol can skip over types that it doesn’t understand since there’s a length associated with it. Well, reality works differently. If the length field includes the length of the type field, then a length of zero will typically cause infinite loops. Long time ago, in the early part of my previous life building IDP’s, we had a bug in the IP-options parsing code where the pointer increment in the while loop wasn’t checking for zero-lengths. The result? Infinite loops followed by a kernel panic when the watch-dog kicked in. Turns out we were not the only ones:
- Symantec Firewall TCP Option DoS
- Tcpdump Multiple DoS vulnerabilities
- Mozilla PNG vulnerability
This pattern exists in protocols like DHCP, ISAKMP, IPv6, LLDP, SCTP, PPPoE, etc.
For the next Vulnerability Pattern, we’ll go through Nested TLV’s. Stay tuned.
Pingback: guaranteed rankings
Pingback: best supplements for muscle gain
Pingback: Dallas Advertising
Pingback: Dallas Family Portrait Photographer
Pingback: webcam chat
Pingback: LED Lights
Pingback: flights to pakistan
Pingback: paranormal activities
Pingback: Temple run cheats
Pingback: agriturismi salerno
Pingback: Dallas Headshot Photographers
Pingback: Free Movie Downloads
Pingback: army bootcamp
Pingback: Dentist
Pingback: Low Interest Payday Loans
Pingback: watch free movies online
Pingback: Legal Buds
Pingback: target sms coupons
Pingback: Herbal Buds
Pingback: Best Spice To Smoke
Pingback: free iphone
Pingback: ford explorer
Pingback: legal expenses cover
Pingback: Chicago windows
Pingback: read us
Pingback: Yarn Bombing
Pingback: Water softener
Pingback: Blitzeranwalt
Pingback: Web Hosting Comparison
Pingback: Cary Leung Sun Life
Pingback: ingilizce konusma
Pingback: Facebook Cover Photo
Pingback: restaurant katy
Pingback: Service
Pingback: Comprar livro do seth godin
Pingback: backlinks for seo
Pingback: dab cd player
Pingback: Make Money Online
Pingback: racunovodstvo
Pingback: luxury villa rental st lucia
Pingback: Jesse V.
Pingback: Raleigh catering
Pingback: Super Bowl Picks
Pingback: landscaping smithfield nc
Pingback: Wedding photographers in Miami
Pingback: Fireless Fireplace
Pingback: High Risk Credit Card Processing
Pingback: Organo Gold
Pingback: Pokemon Rom Hacks
Pingback: lyrics search
Pingback: eye floaters
Pingback: cybex arc trainer 360a
Pingback: como puedo quedar embarazada
Pingback: buy neopoints
Pingback: Escort girl Paris
Pingback: San Francisco SEO Company
Pingback: spamfilter
Pingback: take fish oil supplements
Pingback: syntha six protein powder
Pingback: work from home
Pingback: spray tan mobile
Pingback: Montage Photo Gratuit
Pingback: work at home
Pingback: make money online
Pingback: pin up girl hair
Pingback: thesis
Pingback: resume help
Pingback: how to make your hair wavy with a curling iron
Pingback: bleeding while pregnant
Pingback: Wholesale Clothing
Pingback: Hair Removal
Pingback: Good video camera
Pingback: Fitness
Pingback: dating
Pingback: earn money online
Pingback: junk removal
Pingback: Scott Tucker Payday Loans
Pingback: Scott Tucker Payday Loans
Pingback: mechanics
Pingback: winchester gun safe
Pingback: cold sore treatment
Pingback: Laser Keyboard iPhone
Pingback: Scott Tucker Racing
Pingback: Scott Tucker CBS
Pingback: Scott Tucker CBS
Pingback: Scott Tucker CBS
Pingback: Scott Tucker Leawood
Pingback: join huge yield
Pingback: SEO Link Monster
Pingback: Watch TV Online Live
Pingback: ramos de novia originales
Pingback: Kids climbing frames
Pingback: Scott Tucker Payday Loans
Pingback: Scott Tucker Payday Loans
Pingback: leather wallets for men
Pingback: Scott Tucker Racing
Pingback: How to Lose Weight In Your Stomach
Pingback: gynexin
Pingback: POF Secrets
Pingback: Justin Bieber Baby
Pingback: REO Real Estate Owned
Pingback: Scott Tucker CBS
Pingback: Scott Tucker Leawood
Pingback: REO Companies
Pingback: broker price opinion
Pingback: natural remedies for cold sores
Pingback: spinach health benefits
Pingback: http://www.athletesacceleration.com/powerclean.htmld_of_snatch&cr=
Pingback: future technology predictions
Pingback: football speed
Pingback: Euro
Pingback: prizes
Pingback: Spending behavior
Pingback: office insurance
Pingback: bad credit car loan
Pingback: credit consolidation
Pingback: Reife Frauen Sex
Pingback: Does Proactol Work
Pingback: lotto blackbook
Pingback: tarot gratis
Pingback: maryland short sale expert
Pingback: North Myrtle Beach Vacations
Pingback: soul eater
Pingback: pawnbrokers
Pingback: link
Pingback: rifle scopes
Pingback: natural remedies for psoriasis
Pingback: Air Conditioning Maintenance
Pingback: Spokane Photographer
Pingback: chris murray
Pingback: front door marketing
Pingback: Mass Income Multiplier
Pingback: Keyword doesn't matter
Pingback: Tampa Exterminator
Pingback: Business Insurance Tampa
Pingback: protein powder for women
Pingback: project payday review
Pingback: Late Holiday Deals
Pingback: Fidel Sechler
Pingback: free cam porn
Pingback: Strom sparen
Pingback: escort girls los angeles
Pingback: SEO Link Monster bonus
Pingback: Careers Canada
Pingback: best running treadmill
Pingback: increase sperm count
Pingback: resume
Pingback: Tony Ortega
Pingback: read more about seo
Pingback: waxless skis
Pingback: both teams to score
Pingback: Bola tangkas
Pingback: passing kidney stones
Pingback: togel
Pingback: seinfeld episodes online
Pingback: Scott Tucker Racing
Pingback: Scott Tucker Racing
Pingback: Scott Tucker CBS
Pingback: Scott Tucker Racing
Pingback: Scott Tucker CBS
Pingback: zeekrewards.com review
Pingback: just been paid tripler
Pingback: marketing with anik
Pingback: Uncorded curtain poles
Pingback: Hurtigt lan
Pingback: document solutions
Pingback: Video Presentations
Pingback: salt lake city dentist
Pingback: photographie immobiliere Montreal
Pingback: epic fantasy
Pingback: Anwar Sadhe
Pingback: music online distribution
Pingback: earth4energy
Pingback: online betting
Pingback: Performance engine parts
Pingback: merchant cash advance
Pingback: webcam sex
Pingback: Epidermal Repair
Pingback: loans for restaurants
Pingback: Rachel Greenlief
Pingback: mercedes 200
Pingback: Kamala Allegra
Pingback: injection moulding
Pingback: Lean Atleh
Pingback: Social Media Marketing
Pingback: Glynis Trevigne
Pingback: Best Way to Lose Belly Fat for Women
Pingback: Swinging Door Traffic
Pingback: Processors that will process for guns and amunition
Pingback: katakana android
Pingback: Did the USA Build Itself on Christian Values in our Schools?
Pingback: syracuse seo service
Pingback: echeck
Pingback: busana pengantin
Pingback: Background check
Pingback: Renegade millionaire bonus
Pingback: Hyundai Visor
Pingback: music running
Pingback: cam und telefonspass
Pingback: camgirls mit telefon
Pingback: reputation management
Pingback: click this link
Pingback: Deneen Justice
Pingback: maduras
Pingback: music mastering equipment
Pingback: http://www.hairremovalhype.com
Pingback: hydroxycut max for women
Pingback: hbo luck
Pingback: cheap car insurance
Pingback: replica watches
Pingback: bowflex selecttech 552 dumbbells
Pingback: myoplex
Pingback: how to have a flat stomach
Pingback: necklace
Pingback: gentle dentistry los angeles
Pingback: Ganesha Shirt
Pingback: electronics
Pingback: wasserkerne
Pingback: http://www.floridahomeinsurancequotes.com
Pingback: nitric oxide
Pingback: Scrapeboard
Pingback: Fidel Mckeighan
Pingback: santa monica organic color
Pingback: Electronic cigarette
Pingback: cure for piles
Pingback: spell check writing
Pingback: all things travelling
Pingback: north port tattoos
Pingback: scorpion helmets
Pingback: Dedicated Server
Pingback: VPS server
Pingback: sanibel florida gulf front
Pingback: barrister
Pingback: url
Pingback: searscard.com
Pingback: Ehtel Magone
Pingback: discount code true nutrition
Pingback: Weston Swenson
Pingback: nopalea scam
Pingback: Maryland
Pingback: buy steroids
Pingback: Scrapebox VPS Server
Pingback: white bunk beds
Pingback: ways to make money
Pingback: VPS Server
Pingback: game
Pingback: millitary communications tower
Pingback: residential mailboxes
Pingback: mobile communications tower
Pingback: Recessed Toilet Paper Holder
Pingback: thank you for hpv
Pingback: hpv
Pingback: james
Pingback: dental implants
Pingback: buy tractor tires online
Pingback: bad credit mobile phones
Pingback: trucking accident attorney lancaster ca
Pingback: how to write a summary on a book
Pingback: touch up paint for cars melbourne
Pingback: http://google-redirect-virus-removal.org
Pingback: toyo extensa tires