[Cialug] automatic exploit generation

Josh More morej at alliancetechnologies.net
Fri Jun 6 00:07:18 CDT 2008


This made the round on my security lists a few months back.  It's real
and a bit of a worrisome system... but a much greater threat in
monocultures.  The good news is that, over time, it will result in
more securely designed systems (which require fewer patches).

In the short run, however, anyone running targeted systems should
consider network segmentation and third party HIDS.  (Or install Vista
and leave the annoying security features on.  They actually help.) 
It'll likely get worse before it gets better.



-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701

>>> "Matthew Nuzum" <newz at bearfruit.org> 06/05/08 11:39 PM >>>
One of my coworkers mentioned this:

> Has anyone seen this scary news?  A proof-of-concept program that takes
> a security patch (a binary one, even) and automatically generates an
> exploit for the vulnerability that the patch fixes, faster than most
> people can download the patch.
>
>     http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf

If they're doing what they say they're doing, then all I can say is
"wow."

    The automatic patch-based exploit generation problem is: given a
    program P and a patched version of the program P′, automatically
    generate an exploit for the potentially unknown vulnerability present
    in P but fixed in P′. In this paper, we propose techniques for
    automatic patch-based exploit generation, and show that our techniques
    can automatically generate exploits for 5 Microsoft programs based
    upon patches provided via Windows Update. Although our techniques may
    not work in all cases, a fundamental tenet of security is to
    conservatively estimate the capabilities of attackers. Thus, our
    results indicate that automatic patch-based exploit generation should
    be considered practical. One important security implication of our
    results is that current patch distribution schemes which stagger patch
    distribution over long time periods, such as Windows Update, may allow
    attackers who receive the patch first to compromise the significant
    fraction of vulnerable hosts who have not yet received the patch.
-- 
Matthew Nuzum
newz2000 on freenode
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
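The workflow the quoted abstract describes, as an added example that is not part of the thread or of the APEG paper's code: diff the unpatched program P against the patched P′ to locate the guard the vendor added, derive the condition under which that guard fails (path constraints to reach it plus the negated guard), solve for a concrete input, and confirm that input crashes P. Everything here is constructed for illustration: the "binary" is a list of tuples in a tiny IR, the "binary diff" is difflib, the "decision procedure" is brute force over byte-valued inputs, and an out-of-bounds table read stands in for the memory-safety bug. The real paper works on x86 binaries with weakest preconditions and a constraint solver; the toy only shows the shape of the idea.

```python
"""Toy model of the APEG idea: diff P against P', find the guard the patch added,
derive the condition under which that guard fails, solve for an input, confirm it
crashes the unpatched P.  Constructed illustration, not the paper's code: APEG
diffs x86 binaries and uses weakest preconditions plus a decision procedure; this
toy uses a tuple IR, brute-force solving and an out-of-bounds read as the bug."""
import difflib
from itertools import product

OPS = {"eq": lambda a, b: a == b, "lt": lambda a, b: a < b, "mul": lambda a, b: a * b}
TABLE = [10, 11, 12, 13, 14, 15, 16, 17]        # 8 entries: a safe index is < 8
INPUTS = ["x", "y"]                              # attacker-controlled bytes

# Statements: ("op", v, f, a, b) ("br", f, a, b, tgt) ("check", f, a, b) ("load", v, i) ("ret", v)
P = [
    ("br", "eq", "x", 0x41, 2),         # only record type 'A' reaches the load
    ("ret", "x"),
    ("op", "z", "mul", "y", 2),
    ("load", "v", "z"),                 # unchecked TABLE[z]: the bug
    ("ret", "v"),
]
P_PATCHED = P[:3] + [("check", "lt", "z", 8)] + P[3:]   # the vendor's fix

def run(prog, inp):
    """Concrete execution: ("ok", v), ("blocked", None) or ("crash", msg)."""
    env, pc = dict(inp), 0
    val = lambda a: env[a] if isinstance(a, str) else a
    while True:
        s = prog[pc]
        if s[0] == "op":
            env[s[1]] = OPS[s[2]](val(s[3]), val(s[4]))
        elif s[0] == "br" and OPS[s[1]](val(s[2]), val(s[3])):
            pc = s[4]
            continue
        elif s[0] == "check" and not OPS[s[1]](val(s[2]), val(s[3])):
            return ("blocked", None)
        elif s[0] == "load":
            if not 0 <= val(s[2]) < len(TABLE):
                return ("crash", "out-of-bounds read at index %d" % val(s[2]))
            env[s[1]] = TABLE[val(s[2])]
        elif s[0] == "ret":
            return ("ok", val(s[1]))
        pc += 1

def added_checks(old, new):
    """Step 1, the 'binary diff': guards present only in the patched program."""
    sm = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    return [j for tag, _, _, j1, j2 in sm.get_opcodes() if tag == "insert"
            for j in range(j1, j2) if new[j][0] == "check"]

def failing_guard_conditions(prog, check_pc):
    """Step 2: per path reaching the new guard, path constraints + NEGATED guard."""
    results, sym = [], lambda a, env: env[a] if isinstance(a, str) else ("const", a)
    def walk(pc, env, path):
        while True:
            s = prog[pc]
            if s[0] == "op":
                env = {**env, s[1]: ("op", s[2], sym(s[3], env), sym(s[4], env))}
            elif s[0] in ("load", "ret"):
                return                                     # no memory model: stop here
            else:                                          # "br" or "check"
                c = ("op", s[1], sym(s[2], env), sym(s[3], env))
                if s[0] == "br":
                    walk(s[4], env, path + [(c, True)])    # explore the taken side
                    path = path + [(c, False)]             # then fall through
                elif pc == check_pc:
                    results.append(path + [(c, False)])    # the new guard fails
                    return
                else:
                    path = path + [(c, True)]              # other guards pass
            pc += 1
    walk(0, {n: ("sym", n) for n in INPUTS}, [])
    return results

def ev(e, inp):
    """Evaluate a symbolic expression under a concrete input assignment."""
    if e[0] in ("const", "sym"):
        return e[1] if e[0] == "const" else inp[e[1]]
    return OPS[e[1]](ev(e[2], inp), ev(e[3], inp))

def solve(constraints):
    """Step 3, stand-in for the decision procedure: brute force over byte inputs."""
    for vals in product(range(256), repeat=len(INPUTS)):
        inp = dict(zip(INPUTS, vals))
        if all(bool(ev(c, inp)) == want for c, want in constraints):
            return inp
    return None

def generate_exploit(old, new):
    """Steps 1-4: diff, derive the guard-failing condition, solve, verify on old P."""
    for pc in added_checks(old, new):
        for constraints in failing_guard_conditions(new, pc):
            inp = solve(constraints)
            if inp and run(old, inp)[0] == "crash" and run(new, inp)[0] == "blocked":
                return inp
    return None

if __name__ == "__main__":
    print(generate_exploit(P, P_PATCHED))   # -> {'x': 65, 'y': 4}: 'A' record, z = 8
```

The point the toy makes is the one the abstract makes: the patch itself tells the attacker where the bug is (the inserted check) and what the exploit condition is (the check's negation, conjoined with whatever path constraints lead to it). Nothing about the vulnerability had to be known beforehand; a real implementation replaces the brute-force loop with a constraint solver and the tuple IR with a lifted binary, but the derivation is the same.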