Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.

Aug, 02, 2018 Hi-network.com

It can be very time-consuming to determine if a bug is exploitable or not. In this post, we'll show how to decide if a vulnerability is exploitable by tracing back along the path of execution that led to a crash.

Probing for software vulnerabilities through fuzzing tends to lead to the identification of many NULL-pointer dereference crashes. Fuzzing involves taking various permutations of data and feeding those permutations to a target program until one of those permutations reveals a vulnerability. The kinds of software bugs we reveal with fuzzing may be denial-of-service vulnerabilities that aren't particularly critical and simply cause the software under test to crash. However, they could also be evidence of an arbitrary code execution vulnerability where the NULL pointer can be controlled, leading to the execution of code supplied by an attacker.

Read More >>>


tag-icon Горячие метки: Cisco Talos Talos Tetrane vulnerability analysis

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.