a bug s life
play

A Bugs Life Story of a Solaris 0day 2001-2019 Marco Ivaldi - PowerPoint PPT Presentation

May 12, 2023 •372 likes •860 views

A Bugs Life Story of a Solaris 0day 2001-2019 Marco Ivaldi <raptor@0xdeadbeef.info> #INFILTRATE19, Miami Beach A Bit of Background Source: https://www.computerhistory.org/timeline/1995/ How to Write Buffer Overflows (1995):

  1. A Bug’s Life Story of a Solaris 0day 2001-2019 Marco Ivaldi <raptor@0xdeadbeef.info> #INFILTRATE19, Miami Beach

  3. A Bit of Background Source: https://www.computerhistory.org/timeline/1995/

  4. How to Write Buffer Overflows (1995): https://insecure.org/stf/mudge_buffer_overflow_tutorial.html Smashing the Stack for Fun and Profit (1996): http://phrack.org/issues/49/14.html

  5. Source: https://www.exploit-db.com/?author=315&platform=solaris

  6. Source: https://seclists.org/bugtraq/2004/Dec/401

  7. Source: https://web.archive.org/web/20030323044416/http://www.0dd.com:80/

  8. Once Upon a Time in 2004 Source: https://www.computerhistory.org/timeline/2004/

  9. Source: https://en.wikipedia.org/wiki/SPARC#/media/File:Sun_UltraSPARCII.jpg

  10. Source: 0dd private mailing list (February 2004)

  12. Source: 0dd private mailing list (February 2004)

  13. Source: @stake 0day pack (November 2004)

  14. Source: https://sourceforge.net/p/cdesktopenv/wiki/Home/

  15. Source: @stake 0day pack (November 2004)

  16. Source: email exchange with Dave (November 2004)

  17. Unexpected News in 2005 Source: https://www.computerhistory.org/timeline/2005/

  18. Source: email exchange with Dave (October 2005)

  19. Fast Forward to 2017

  21. Source: https://xkcd.com/1513/

  23. Source: https://www.famousbirthdays.com/year/2001.html

  24. The Bug Source: Mr. Bug from the Happy! TV Series (SyFy)

  25. dtprintex.c lpstat.c Source: dtprintinfo28.tar in @stake 0day pack

  26. Source: truss -fae /usr/dt/bin/dtprintinfo

  27. Source: man lpstat

  29. Source: truss -u '*' -u '!libc' -fae ./raptor_dtprintname_poc

  30. Source: truss -u a.out -u 'libDtSvc : :' -u 'libc : *printf,*scanf,strdup' -fae ./raptor_dtprintname_poc

  31. Source: IDA disassembly of dtprintinfo

  32. Source: programs/dtprintinfo/UI/DtPrinterIcon.C in cde-src-2.3.0.tar.gz

  33. Source: email exchange with Dave (January 2019)

  34. The Exploit Source: https://0xdeadbeef.info/stuff/ralphy.jpg

  35. Source: raptor_dtprintname_intel.c

  36. Source: pmap -x 1020

  37. Source: raptor_dtprintname_intel.c

  38. Source: raptor_dtprintname_intel.c

  39. Source: raptor_dtprintname_intel.c

  40. Source: raptor_dtprintname_intel.c

  41. Source: raptor_dtprintname_intel.c

  42. Source: https://twitter.com/0xdea/status/579210295496871936

  43. The Sky is not Falling

  44. Source: #INFILTRATE2019 swag

  45. Source: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html

  46. Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in the making of this presentation. Source: https://paulbellamy.com/vulnerability-name-generator/

  48. Question Time https://0xdeadbeef.info https://github.com/0xdea https://twitter.com/0xdea raptor@0xdeadbeef.info Source: Mr. Bug from the Happy! TV Series (SyFy)

Recommend

Methods Updating Variables Console Programs int life = 42; life life = 42 life; 21 life =

Methods Updating Variables Console Programs int life = 42; life life = 42 life; 21 life =

Methods Updating Variables Console Programs int life = 42; life life = 42 life; 21 life = 15; 15 42 7 0 life = life / 2; println(life * 3); Graphics Programs GRect rectR = new GRect(100, 100); rectR.setColor(Color.RED); GRect rectB

988 views • 64 slides
| Front Variante 1 DAM Life | Sponsoring Presentation | 12.06.2016 | DAM Life DAM Life is a

| Front Variante 1 DAM Life | Sponsoring Presentation | 12.06.2016 | DAM Life DAM Life is a

| Front Variante 1 DAM Life | Sponsoring Presentation | 12.06.2016 | DAM Life DAM Life is a short Film about Rick Jendrusch and his life as a profes- sional windsurfer at the Brouwersdam where he grew up. The Idea is to combine actionpacked

354 views • 7 slides
What is a Meaningful Life? What is a Meaningful Life? The purpose of life, after all, is to

What is a Meaningful Life? What is a Meaningful Life? The purpose of life, after all, is to

What is a Meaningful Life? What is a Meaningful Life? The purpose of life, after all, is to live it, to taste experience to the utmost, to reach out eagerly and without fear for newer and richer experience. Eleanor Roosevelt What

867 views • 42 slides
Quality of life defined Quality of life (QOL) ality of life (QOL) Subjective w bjective

Quality of life defined Quality of life (QOL) ality of life (QOL) Subjective w bjective

6/9/2014 Psychometric Properties of Quality of Life and Health Related Quality of Life Assessments in People with Multiple Sclerosis Learmonth, Y. C., Hubbard, E. A., McAuley, E. Motl, R. W. Department of Kinesiology and Community Health,

253 views • 12 slides
Engineering Engineering the the POlicy POlicy- -making making LIfe LIfe CYcle LIfe LIfe

Engineering Engineering the the POlicy POlicy- -making making LIfe LIfe CYcle LIfe LIfe

Engineering Engineering the the POlicy POlicy- -making making LIfe LIfe CYcle LIfe LIfe CYcle CYcle CYcle Objective ICT-2011.5.6 target a ICT solutions for Governance and Policy Modeling Duration 36 Months Proposal Number N 288147

650 views • 22 slides
Chapter 24 Life in the Universe 24.1 Life on Earth Our goals for learning When did life

Chapter 24 Life in the Universe 24.1 Life on Earth Our goals for learning When did life

Chapter 24 Life in the Universe 24.1 Life on Earth Our goals for learning When did life arise on Earth? How did life arise on Earth? What are the necessities of life? Earliest Life Forms When did life arise on Earth? Life

480 views • 11 slides
Life in the Universe Chapter 24 24.1 Life on Earth Our goals for learning When did life

Life in the Universe Chapter 24 24.1 Life on Earth Our goals for learning When did life

Life in the Universe Chapter 24 24.1 Life on Earth Our goals for learning When did life arise on Earth? How did life arise on Earth? What are the necessities of life? When did life arise on Earth? Earliest Life Forms Life

768 views • 66 slides
Intro to Life Cycle Analysis 2.83/2.813 Manufacturing End of Life Mining Use Phase Life Cycle

Intro to Life Cycle Analysis 2.83/2.813 Manufacturing End of Life Mining Use Phase Life Cycle

Intro to Life Cycle Analysis 2.83/2.813 Manufacturing End of Life Mining Use Phase Life Cycle Assessment LCA is a methodology to account for and assess the environmental impacts from all phases / stages of a product life cycle Mining

993 views • 72 slides
Development Programme Life Skills Life situations and settings The Manual Life Skills

Development Programme Life Skills Life situations and settings The Manual Life Skills

Youth and Adolescent Development Programme Life Skills Life situations and settings The Manual Life Skills Psychosocial abilities for adaptive and positive behaviour that enable individuals to deal effectively with the demands and

204 views • 17 slides
200711473 Software life cycle SDD within the life cycle SDD

200711473 Software life cycle SDD within the life cycle SDD

200711473 Software life cycle SDD within the life cycle SDD within the life cycle Purpose of an SDD - Period of time that starts when a software product is conceived and ends. -The life cycle approach is an

1.12k views • 28 slides
LIFE Programme - Call 2019 &amp; Establishment and Operation of the Greek LIFE Task Force

LIFE Programme - Call 2019 &amp; Establishment and Operation of the Greek LIFE Task Force

LIFE Programme - Call 2019 &amp; Establishment and Operation of the Greek LIFE Task Force Georgios Protopapas GREEN FUND Director NCP LIFE/ENV Greek LIFE T ask Force Project Manager Heraklion, 27 June 2019 LIFE Programme The LIFE

213 views • 19 slides
Life satisfaction There is probably no other goal in life that commands such a high degree of

Life satisfaction There is probably no other goal in life that commands such a high degree of

28-8-2017 Self-employment and satisfaction with life, work, and leisure Peter van der Zwan, Jolanda Hessels, Niels Rietveld JOINT CEPR CONFERENCES ON INCENTIVE, MANAGEMENT AND ORGANIZATION AND ENTREPRENEURSHIP September 9, 2017 Life

425 views • 14 slides
L I V E S T R O N G WE BELIEVE IN LIFE. YOUR LIFE. We believe in living every minute of it with

L I V E S T R O N G WE BELIEVE IN LIFE. YOUR LIFE. We believe in living every minute of it with

L I V E S T R O N G WE BELIEVE IN LIFE. YOUR LIFE. We believe in living every minute of it with every ounce of your being. And that you must not let cancer take control of it. We believe in energy: channeled and fierce. We believe in focus:

270 views • 15 slides
(F309 End of Life) Interpretive Guidance Investigative Protocol 2 483.25 End of Life Each

(F309 End of Life) Interpretive Guidance Investigative Protocol 2 483.25 End of Life Each

483.25 Quality of Life (F309 End of Life) Interpretive Guidance Investigative Protocol 2 483.25 End of Life Each resident must receive and the facility must provide the necessary care and services to attain or maintain the highest

441 views • 31 slides
2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event

2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event

2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event for the American Cancer Society It began in 1985, when Dr. Gordy Klatt, a surgeon in Tacoma, Washington, ran around a track for 24 hours to

351 views • 6 slides
Reliable, Committed, Prepared ABOUT GREEN LIFE SOLUTIONS PVT LTD GREEN LIFE GREEN LIFE

Reliable, Committed, Prepared ABOUT GREEN LIFE SOLUTIONS PVT LTD GREEN LIFE GREEN LIFE

Reliable, Committed, Prepared ABOUT GREEN LIFE SOLUTIONS PVT LTD GREEN LIFE GREEN LIFE SOLUTIONS PRIVATE LIMITE, is a concern dedicated to the promotion of Renewable Energy Propagation and Implementation in India. Greenlife has

402 views • 23 slides
Intro to Life Cycle Analysis Intro to Life Cycle Analysis Intro to Life Cycle Analysis

Intro to Life Cycle Analysis Intro to Life Cycle Analysis Intro to Life Cycle Analysis

Intro to Life Cycle Analysis Intro to Life Cycle Analysis Intro to Life Cycle Analysis 2.83/2.813 2.83/2.813 2.83/2.813 Manufacturing End of Life Mining Use Phase References 1. Allen and Shonnard, Ch 13 1. Life Cycle Concepts Life

680 views • 54 slides
1 Quality of Life: Why Study Quality of Life Documentation helps improve interventions for

1 Quality of Life: Why Study Quality of Life Documentation helps improve interventions for

Health Psychology, 6 th edition Shelley E. Taylor Chapter Eleven: Management of Chronic Illness Quality of Life: Overview Traditional View - Quality of life measured in terms of Length of survival Signs of disease However,

312 views • 13 slides
CS4491-02 Fog Computing Life Cycles 1 Questions What is the life cycle of IoT systems and

CS4491-02 Fog Computing Life Cycles 1 Questions What is the life cycle of IoT systems and

CS4491-02 Fog Computing Life Cycles 1 Questions What is the life cycle of IoT systems and components? What is the impact of the application domain on these life cycles? 2 Life cycle The life cycle of a product or system is the

313 views • 14 slides
IEEE Life Members Charles Husbands, Region 3 Life Member Coordinator Life Member Requirements

IEEE Life Members Charles Husbands, Region 3 Life Member Coordinator Life Member Requirements

IEEE Life Members Charles Husbands, Region 3 Life Member Coordinator Life Member Requirements n Age 65, plus 35 years of membership n Total equals 100 or more n Automatic transition n Permanent gold membership card next year Life

493 views • 10 slides
Welcome to BDS Fire Welcome to BDS Fire &amp; Life Safety &amp; Life Safety Systems BDS are a

Welcome to BDS Fire Welcome to BDS Fire &amp; Life Safety &amp; Life Safety Systems BDS are a

Welcome to BDS Fire Welcome to BDS Fire &amp; Life Safety &amp; Life Safety Systems BDS are a multi-disciplined Fire, Life Safety &amp; Integrated Security Company providing a range of high quality services to many commercial sectors. We now

504 views • 17 slides
Doctrine into Life, Pt. 5 Doctrine in the Life and Ministry of the Church 10:30 AM Tuesday,

Doctrine into Life, Pt. 5 Doctrine in the Life and Ministry of the Church 10:30 AM Tuesday,

Doctrine into Life, Pt. 5 Doctrine in the Life and Ministry of the Church 10:30 AM Tuesday, January 11, 2011 If essential doctrine is essentially grounded in the narrative of the incarnate saviors work, then turning doctrine into life is

484 views • 9 slides
1 Why Life Happens is needed Nearly 100 Million Adult Americans have NO life insurance Only

1 Why Life Happens is needed Nearly 100 Million Adult Americans have NO life insurance Only

1 Why Life Happens is needed Nearly 100 Million Adult Americans have NO life insurance Only 4 in 10 have individual coverage 2 Awareness Social Media Programs Campaigns &amp; Online LifeHappens.org Life Blog Advertising Media

557 views • 18 slides
From Schrdingers What is Life? to All Life is Chemistry Peter Schuster Institut

From Schrdingers What is Life? to All Life is Chemistry Peter Schuster Institut

From Schrdingers What is Life? to All Life is Chemistry Peter Schuster Institut fr Theoretische Chemie, Universitt Wien, Austria and The Santa Fe Institute, Santa Fe, New Mexico, USA 75 Years What is Life? Erwin

1.27k views • 58 slides

More recommend