Re: [Full-disclosure] SSL Capable NetCat and more
- To: GomoR <rpt6@xxxxxxxxx>
- Subject: Re: [Full-disclosure] SSL Capable NetCat and more
- From: Ryan Sears <rdsears@xxxxxxx>
- Date: Mon, 28 Mar 2011 03:08:41 -0400 (EDT)
Please, correct me if I'm wrong, but a stack overflow in the arguments for
something like socat has a very very low impact (or probability of
exploitation). The only way one can influence the program to do something is by
overflowing the arguments, so unless it was used in a script or something of
that sort in an automatic fashion, it's highly unlikely this will be weaponized.
Having said that, having automatic memory allocation/management through a lot
of the modern day scripting languages is a definite plus.
I think he's looking at it like this, because this is what I was thinking when
I first read about it:
(Rough outline of language abstraction layers)

        ||
        ||
+-----------------+
| High-level lang |
| (Java, etc)     |
+-----------------+
        ||
        ||==> SCNC
        ||
+-------------------+
| Mid-level lang.   |
| (perl,python,etc) |
+-------------------+
        ||
        ||==> Socat, Ncat, Cryptcat
        ||
+-----------------+
| Low-level lang. |
| (C, ASM, etc)   |
+-----------------+
Writing something in a lower-level language typically means increased speed and
a lighter footprint. You can do these same sorts of connection relaying on a
system that might not have perl installed on it. Granted, it isn't common to
find a system without perl nowadays, but if you need to install CPAN modules
or something, that's MORE of an overhead. That sort of thing starts to add up,
and if you can write a tiny little program to do the same thing (statically
compiled for more portability) it's going to be better off.
I like the concept and the idea though, as it provides some good flexibility if
the target won't notice a perl script getting run, but notices arbitrary
executables or something of the sort.
Ryan Sears
----- Original Message -----
From: "GomoR" <gomor-fd@xxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Monday, March 28, 2011 2:47:28 AM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] SSL Capable NetCat and more
On Sun, Mar 27, 2011 at 02:23:03PM -0700, Zach C. wrote:
> Okay, and also let me rephrase the question: what does your tool do that
> *socat* doesn't?
Better question ;)
scnc is written in Perl, and does not suffer from stack
overflows:
http://www.dest-unreach.org/socat/
2010/08/02: A stack overflow vulnerability has been fixed
that could be triggered when command line arguments were
longer than 512 bytes. Fixed versions are 1.7.1.3 and
2.0.0-b4. See socat security advisory 2 for details.
This one is from command line, maybe the next will be in
the server mode or whatever.
Regards,
--
^ ___ ___ http://www.GomoR.org/ <-+
| / __ |__/ Senior Security Engineer |
| \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- |
+--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+
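The bug class the thread is arguing about, as an added example that is not part of the original mails and is not socat's code: a command-line argument copied into a fixed-size stack buffer with no bound, next to a checked variant, plus the kind of automated wrapper Ryan mentions that pastes an untrusted host name into the argument. The 512-byte buffer size, the "TCP:host:port" argument shape and all function names are assumptions chosen to illustrate the advisory text, not details of socat's parser.

```c
/* Constructed example: the pattern behind "an argument longer than N bytes
 * overflows a stack buffer", and a checked variant. Not socat's code; the
 * ARGBUF size and the argument format are assumptions for illustration. */
#include <stdio.h>
#include <string.h>

#define ARGBUF 512   /* assumed fixed-size stack buffer */

/* Vulnerable pattern: unbounded copy into a fixed stack buffer. Any argument
 * of ARGBUF bytes or more (plus its NUL) writes past the buffer into whatever
 * sits above it on the stack. Kept only for comparison; never call it with
 * untrusted input. */
static int copy_arg_unchecked(const char *arg)
{
    char buf[ARGBUF];
    strcpy(buf, arg);              /* no length check */
    return (int)strlen(buf);
}

/* Checked variant: reject arguments that do not fit instead of truncating
 * silently (truncation would turn "TCP:host:443" into a different address). */
static int copy_arg_checked(const char *arg, char *out, size_t outlen)
{
    size_t n = strlen(arg);
    if (n >= outlen)
        return -1;                 /* would not fit with its NUL terminator */
    memcpy(out, arg, n + 1);
    return (int)n;
}

/* Build an address argument the way an automated wrapper might: an untrusted
 * host name pasted into "TCP:<host>:<port>". Returns the length or -1. */
static int build_connect_arg(const char *host, int port,
                             char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "TCP:%s:%d", host, port);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Does a given argument fit the fixed buffer? Length on success, -1 if not. */
static int check_arg(const char *arg)
{
    char copy[ARGBUF];
    return copy_arg_checked(arg, copy, sizeof copy);
}

/* Run the wrapper path with a constructed host name of hostlen 'A' bytes.
 * Returns the accepted length, -1 if the fixed buffer rejects it, -2 on
 * a build error. */
static int check_connect_arg(size_t hostlen)
{
    char host[4096], arg[4096];
    if (hostlen >= sizeof host)
        return -2;
    memset(host, 'A', hostlen);
    host[hostlen] = '\0';
    if (build_connect_arg(host, 443, arg, sizeof arg) < 0)
        return -2;
    return check_arg(arg);
}

int main(void)
{
    /* Normal input fits; a 1000-byte host name from a script does not. */
    printf("localhost -> %d\n", check_connect_arg(9));
    printf("1000-byte host -> %d\n", check_connect_arg(1000));
    /* The same 1000-byte argument through copy_arg_unchecked() would write
     * roughly 500 bytes past the end of buf; that call is deliberately
     * not made here. */
    (void)copy_arg_unchecked;
    return 0;
}
```

The boundary is what matters for Ryan's "only in a script" argument: with a 9-byte host the argument is 17 bytes and is accepted, with a 503-byte host it is exactly 511 bytes and still fits, and one more byte is rejected by the checked copy where the unchecked copy would have smashed the stack. An interactive user rarely types 504 bytes; a wrapper that takes the host from a request or a log line does so without noticing.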
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/