[Cialug] automatic exploit generation
Matthew Nuzum
newz at bearfruit.org
Thu Jun 5 23:39:28 CDT 2008
One of my coworkers mentioned this:
> Has anyone seen this scary news? A proof-of-concept program that takes
> a security patch (a binary one, even) and automatically generates an
> exploit for the vulnerability that the patch fixes, faster than most
> people can download the patch.
>
> http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf
If they're doing what they say they're doing, then all I can say is "wow."
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P′, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P′. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for 5 Microsoft programs based upon patches provided via Windows Update. Although our techniques may not work in all cases, a fundamental tenet of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical. One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise the significant fraction of vulnerable hosts who have not yet received the patch.
--
Matthew Nuzum
newz2000 on freenode