In the quest to provide complete Attack Surface Coverage, we strive to identify patterns of abuse in protocols that we can replicate across other protocols and applications. We call them Vulnerability Patterns, because they abstract the problem away from the programming language, the protocol or the one-off vulnerability in a particular version of a given product. It’s a powerful concept, especially if you can capture a pattern and apply it to every single place you see it. It’s no different from the Design Patterns used in software engineering.
Over the next few blog posts I’ll try to relate vulnerabilities in seemingly disparate protocols and see how there’s something fundamental about them. For each pattern, we’ll examine a set of published vulnerabilities and then talk about which other protocols have this pattern.
The two common patterns that people immediately identify with are buffer overflows and format strings. Obviously, when we are writing mutations, we want to overflow every part of the protocol and insert format strings in all the places that are likely to be written to a log file, etc. Are there others? Let’s start with TLVs (Type/Length/Values).
This is a classic. Supposedly a protocol contains a list of TLV fields for [ahem] extensibility. The theory is that the parser for this protocol can skip over types that it doesn’t understand, since each one carries a length. Well, reality works differently. If the length field includes the length of the type field, then a length of zero will typically cause infinite loops. A long time ago, in the early part of my previous life building IDPs, we had a bug in the IP-options parsing code where the pointer increment in the while loop wasn’t checking for zero lengths. The result? Infinite loops followed by a kernel panic when the watchdog kicked in. Turns out we were not the only ones:
- Symantec Firewall TCP Option DoS
- Tcpdump Multiple DoS vulnerabilities
- Mozilla PNG vulnerability
This pattern exists in protocols like DHCP, ISAKMP, IPv6, LLDP, SCTP, PPPoE, etc.
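Here is the pattern as a pair of TLV walkers in C: a naive loop that trusts the length byte, next to one that checks it before advancing. This is an added example, not code from the original post or from any of the products listed above; it assumes a 1-byte type and a 1-byte length that covers the whole TLV, and `STEP_LIMIT` exists only so the naive walker terminates in the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_HDR 2          /* 1-byte type + 1-byte length (assumed layout) */
#define STEP_LIMIT 1000    /* demo-only guard so the naive walker terminates */

/* Naive walker: advances by the length byte with no validation.
 * Returns TLVs visited, or -1 if it hit STEP_LIMIT (it was spinning). */
int walk_naive(const uint8_t *buf, size_t n)
{
    size_t off = 0;
    int steps = 0;
    while (off + TLV_HDR <= n) {
        if (++steps > STEP_LIMIT)
            return -1;
        off += buf[off + 1];           /* length 0 => off never moves */
    }
    return steps;
}

/* Hardened walker: length must cover the header and fit in the buffer.
 * Returns TLVs visited, or -1 on a malformed TLV. */
int walk_checked(const uint8_t *buf, size_t n)
{
    size_t off = 0;
    int count = 0;
    while (off < n) {
        if (n - off < TLV_HDR)
            return -1;                 /* truncated header */
        size_t len = buf[off + 1];
        if (len < TLV_HDR || len > n - off)
            return -1;                 /* zero/short length, or overrun */
        off += len;                    /* forward progress is guaranteed */
        count++;
    }
    return count;
}

/* Constructed sample inputs: two TLVs; the second has length 2 vs. 0. */
static const uint8_t good[] = { 0x07, 0x04, 0xAA, 0xBB, 0x99, 0x02 };
static const uint8_t zero[] = { 0x07, 0x04, 0xAA, 0xBB, 0x99, 0x00 };

int main(void)
{
    printf("naive:   good=%d zero=%d\n", walk_naive(good, sizeof good), walk_naive(zero, sizeof zero));
    printf("checked: good=%d zero=%d\n", walk_checked(good, sizeof good), walk_checked(zero, sizeof zero));
    return 0;
}
```

The one check that matters for this pattern is `len < TLV_HDR`: rejecting any length that cannot cover the TLV's own header means every iteration moves the offset forward.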
For the next Vulnerability Pattern, we’ll go through Nested TLVs. Stay tuned.
