Update Firefox to 1.5.0.1, the exploit is out

Discussion in 'other security issues & news' started by ronjor, Feb 7, 2006.

Thread Status:
Not open for further replies.
  1. ronjor (Global Moderator)

    Sans .....
     
  2. ronjor (Global Moderator)
  3. NIST.org (Registered Member)

    So far the exploit has only been tested on Gentoo Linux with the stock mozilla-firefox 1.5.0.0 package. It took almost 1 gig of padded code to overwrite the memory buffers and unleash the exploit code. Chances are this exploit will not work under Windows and perhaps not even under other Linux distributions. But it does prove the concept and other exploits may be released soon.

    John Herron, CISSP
    More info at NIST.org
     
  4. iceni60

    I think that's just one exploit which has been written for the vulnerability. Others have probably been written too.
     
  5. NIST.org (Registered Member)

    Only one exploit has been made public so far and there have been no announcements of others. That doesn't mean they're not out there. But keep in mind that buffer overflow exploits aren't the easiest thing to code for. Overflowing the data buffer into code space and causing a DoS isn't hard. But flowing exactly the correct program code into exactly the right memory space to give you control over a computer can be very difficult. A whole lot of trial and error goes into it. Simply because the bad guys have successfully exploited the vulnerability on one platform doesn't necessarily make them closer to exploiting it on another platform. Even going from one version of Windows to another can sometimes require a whole new exploit to be written.

    But you can bet they're working on it.

    John Herron, CISSP
    at NIST.org
     
  6. iceni60

    I said what I said because I was looking at some exploit code which said something like "this has been tested on Gentoo with Firefox 1.5.0", so I asked some (whitehat) hackers if Ubuntu was vulnerable too and they said yes it was :eek: and to use 1.5.1 instead. I didn't know that was the only known exploit. I thought there might be more because I was told about Ubuntu being vulnerable too. Either it's the same exploit or there's more.
     
    Last edited: Feb 8, 2006