Vulnerability contest - Find the oldest bug!

Discussion in 'other software & services' started by Mrkvonic, May 26, 2010.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Time for a digital lynch. Enjoy an article/rant about the recent bout of very old vulnerabilities being found in operating systems and how they impact our computer usage. Not. As always, don't take my tirades too seriously.

    http://www.dedoimedo.com/computers/vulnerability-contest.html


    Cheers,
    Mrk
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    not fair, you had fun writing it why can't some of us have fun taking it seriously ;)
    wise proviso nevertheless
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Interesting to think about, Mrk. How about a sub-category in your contest?:

    Old bugs (patched) still used in current exploits

    ----
    rich
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Old bugs, desktop or server? I guess desktop.
    That could work too.
    Mrk
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    OK, for old bugs patched, yet still used in current exploits, I nominate this from 2006 against IE6:

    Microsoft Security Bulletin MS06-014
    Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
    http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx

    It's a very simple VBS script, where file (2.exe) is downloaded and renamed to svchost.exe:


    happyhtm.gif


    The code creates a path to svchost.exe and attempts to execute it. Here, security in place intercepts the download of 2.exe so that svchost.exe cannot execute, and an error message appears:

    2exe-ae.gif

    In 2008 when the MBR rootkit, Mebroot, resurfaced, f-secure listed MS06-014 at the top of the list of exploits containing mebroot:

    MBR Rootkit, A New Breed of Malware
    http://www.f-secure.com/weblog/archives/00001393.html
    A search of the current malware domain lists and blade-defender.org's list of exploits shows that almost all of the exploit packs contain this vulnerability, such as:

    Fragus exploit pack
    Liberty Exploit Kit
    Siberia Exploit Pack
    Elenore Exploit Pack

    Why do cybercriminals continue to use an old vulnerability long since patched?

    Why indeed, if it continues to be one of the most successful money-making vulnerabilities, knowing that the majority of users don't patch, nor have security in place to stop such nonsense!

    Until IE6 is replaced world-wide, I suspect this vulnerability will continue to appear in exploits.


    ----
    rich
     
    Last edited: May 29, 2010
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Nonsense indeed ... Now, how does a five-year-old exploit scale up to a 17 year old vulnerability? What's the weighting factor?
    Mrk
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I presume one of these is the 17 year old bug/vulnerability you refer to ? I think i found another ;)

    Microsoft Abandons an Old Windows Bug

    http://www.pcworld.com/article/184515/microsoft_abandons_an_old_windows_bug.html


    Ancient Windows flaw found after 17 years

    http://www.theinquirer.net/inquirer/news/1587918/ancient-windows-flaw


    And what about this, i guess it might count too ?


    Administrator Access is the highest...right? WRONG!

    http://www.theeldergeek.com/forum/index.php?showtopic=21594


    Quote Mrkvonic

    Does that include this ?

    You can't talk to our Rmus like that :p

    3.4 - 1 :D

    You didn't say any bugs etc had to be older that 17 years :p
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, I asked if there could be a sub-category of "patched vulnerabilities that are still used in exploits," and I assumed from your answer, Yes; hence, my entry.

    The "weighting factor" is that here is a old vulnerability that is still being exploited. Vulnerabilities -- a dime a dozen-- are never very interesting to me unless they become used in exploits!


    ----
    rich
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Nonsense agreement was to Rmus' nonsense statement about how simple it is to block these kinds of things, no disrespect was meant. Anyhow, yes, my contest rules were a bit vague :)
    Mrk
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Yes, we've agreed over the years how easy it is to block these things! Also, in many cases, your dictum applies,

    "You have to try hard to get infected!"

    ----
    rich
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    The best analogy I have is computer infection = STD infection. Really no need to have one :)
    Mrk
     
Loading...
Thread Status:
Not open for further replies.