
Google code search: A vulnerability hunters dream October 7, 2006

Posted by Imran Ghory in Computer Security, Google, Software development.

Google code search: a vulnerability hunter's dream? Well, maybe not, but if a hacker wants to compromise random machines rather than particular targets, then Google is making it ever easier to find new exploits.

Google's latest search tool has made it incredibly easy to take one particular vulnerability that has a fairly recognizable signature and search vast amounts of code for it. To prove it, here are some examples:

(Some of these are derived from various suggestions posted on reddit.)

For starters, let's look for programs that run setuid/setgid and copy strings from environment variables without even verifying their lengths (hence providing an easy buffer overflow exploit):

In a similar vein, code that takes an environment variable passed to it by a web browser and sticks it straight into an SQL query (thus allowing SQL injection attacks):

How about code that uses the unsafe chmod command? chmod is dangerous because of non-atomicity: code normally checks that a file has certain properties before chmoding it, but because the check is a separate operation from the chmod, an attacker can replace the file with a symlink after the check but before the chmod, allowing them to change the permissions on arbitrary files:

Or a similar race condition that can be used to create havoc, this time in the mktemp() function, which creates a temporary file with a predictable name (so what happens if someone else gets there first with a symlink...):
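The two race conditions above (check-then-chmod on a path, and predictable temporary file names) side by side with their fixes, as an added example that is not part of the original post. Function names, the /tmp template and the owner check are my assumptions; it needs a POSIX system with a writable /tmp.

```c
/* Added example (not from the original post): the check-then-chmod race the
 * post describes, beside a hardened version that checks and changes the mode
 * on the same open descriptor, so the path cannot be swapped in between.
 * The helper uses mkstemp() instead of the predictable-name mktemp(). */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (what the search turns up): stat() the path, then
 * chmod() the path. Between the two calls the path can be replaced by a
 * symlink to an arbitrary file, which then receives the new permissions. */
int chmod_racy(const char *path, mode_t mode) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    return chmod(path, mode);          /* path is re-resolved here: TOCTOU */
}

/* Hardened: open without following symlinks, verify the inode that was
 * actually opened, and change its mode through the descriptor. Check and
 * change now refer to the same object whatever happens to the path. */
int chmod_safe(const char *path, mode_t mode) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;             /* ELOOP if the path is a symlink */
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid())
        rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Demo helper: create a temp file with mkstemp() (random name, created with
 * O_EXCL) rather than mktemp(). The generated path is written into buf. */
int make_temp(char *buf, size_t len) {
    const char *tmpl = "/tmp/gcs-demo-XXXXXX";   /* assumed template */
    if (len <= strlen(tmpl)) return -1;
    strcpy(buf, tmpl);
    int fd = mkstemp(buf);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Permission bits of path (not following symlinks), or -1 on error. */
int mode_bits(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}
```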

I think the scariest so far is the number of mid-to-large projects that show up for the following search (where input is read from a file into a fixed-size buffer without any limit on the amount of data read in):

And, somewhat more lightheartedly, a look at all the programmers who are hard-core traditionalists when it comes to crypto:

So there you have it: vulnerabilities galore, and from just a few minutes' work.
