path: root/published/Webmonkey/Monkey_Bites/2007/07.23.07/Tue/danglingpointers.txt
Security researchers at Watchfire (acquired yesterday by IBM) claim to have discovered a method of [exploiting dangling pointers][1], a common programming error, that allows remote code execution. Dangling pointers were previously regarded as poor practice that could lead to crashes, but they were not believed to be exploitable.

A dangling pointer is a reference in code that no longer points to a valid object, for instance a variable that references an object which has already been deleted. The object is gone, but the reference to it is not.

Danny Allan, research director at Watchfire, says, "The problem before was, you had to override the exact location that the pointer was pointing to. It was considered impossible."

The new attack, which will be detailed at the upcoming Black Hat conference, causes a buffer overflow which allows outside code to be injected. "We discovered a way to do this with generic dangling pointers and run our own shellcode," says Allan.

He goes on to say that "This is a very prevalent problem, especially in low-level languages." Many programming languages, most notably C++, are vulnerable to dangling pointers. There are numerous ways to avoid them, the most obvious of which is to make sure your code never creates any, but that can be difficult and time-consuming.
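The paragraph above says the obvious defence is not to create dangling pointers in the first place, which is hard to guarantee by inspection alone. The C example below is an added illustration, not code from the Webmonkey post or from Watchfire, of two defensive patterns that turn a dangling reference into a detectable condition instead of a silent use of recycled memory: a free-and-null macro, and a small slot table that hands out generation-checked handles rather than raw pointers. The `struct session` type, the `SAFE_FREE` macro and the `session_*` functions are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern 1: free-and-null. The caller's variable is cleared together with
   the free, so a later use hits a NULL check (or fails deterministically)
   instead of reading memory that may already belong to another object. */
#define SAFE_FREE(p) do { free(p); (p) = NULL; } while (0)

/* Pattern 2: generation-checked handles (hypothetical slot table for this
   example). A handle is (index, generation); freeing a slot bumps its
   generation, so every handle issued before the free stops resolving. */
#define SLOT_COUNT 4

struct session { char name[16]; int active; };
struct slot    { struct session obj; unsigned generation; int in_use; };
struct handle  { unsigned index; unsigned generation; };

static struct slot table[SLOT_COUNT];

/* Allocate a slot; on exhaustion returns a handle whose index == SLOT_COUNT */
struct handle session_new(const char *name) {
    for (unsigned i = 0; i < SLOT_COUNT; i++) {
        if (!table[i].in_use) {
            table[i].in_use = 1;
            memset(&table[i].obj, 0, sizeof table[i].obj);
            strncpy(table[i].obj.name, name, sizeof table[i].obj.name - 1);
            table[i].obj.active = 1;
            return (struct handle){ i, table[i].generation };
        }
    }
    return (struct handle){ SLOT_COUNT, 0 };
}

/* Resolve a handle; NULL if it was never valid or has since been freed */
struct session *session_get(struct handle h) {
    if (h.index >= SLOT_COUNT) return NULL;
    struct slot *s = &table[h.index];
    if (!s->in_use || s->generation != h.generation) return NULL;
    return &s->obj;
}

/* Free a slot; bumping the generation invalidates all outstanding handles.
   Returns -1 for a stale handle or a double free. */
int session_free(struct handle h) {
    if (session_get(h) == NULL) return -1;
    struct slot *s = &table[h.index];
    s->in_use = 0;
    s->generation++;
    memset(&s->obj, 0, sizeof s->obj);
    return 0;
}

/* The stale handle still sits in the caller, exactly like a dangling
   pointer would, but every use after free is refused. Returns 1 when all
   checks behave as intended. */
int demo_stale_handle(void) {
    struct handle h = session_new("alice");
    if (session_get(h) == NULL) return 0;      /* live handle resolves */
    if (session_free(h) != 0) return 0;
    if (session_get(h) != NULL) return 0;      /* stale handle refused */
    if (session_free(h) != -1) return 0;       /* double free refused */
    struct handle h2 = session_new("bob");     /* slot gets recycled ... */
    if (h2.index != h.index) return 0;
    if (session_get(h) != NULL) return 0;      /* ... old handle still refused */
    if (session_free(h2) != 0) return 0;
    return 1;
}

/* After SAFE_FREE the variable is NULL, so a later use is a NULL check,
   not a read from freed memory. Returns 1 when the pointer was cleared. */
int demo_safe_free(void) {
    char *buf = malloc(32);
    if (buf == NULL) return 0;
    strcpy(buf, "constructed sample");
    SAFE_FREE(buf);
    return buf == NULL;
}

int main(void) {
    printf("stale handle refused: %s\n", demo_stale_handle() ? "yes" : "no");
    printf("pointer cleared:      %s\n", demo_safe_free() ? "yes" : "no");
    return 0;
}
```

The free-and-null macro only protects the one variable it is applied to; any copy of the pointer held elsewhere still dangles, which is why the handle scheme is the stronger of the two: the check lives at the point of use and covers every copy of the handle, including ones made before the free.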

"This is a bit of a Pandora's box and once we open it, it will be just the tip of the iceberg," warns Allan. "A lot of times you might not know there's a dangling pointer."

[1]: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1265116,00.html