a bug’s life - immunity inc...final remarks no fancy name or logo were assigned to this...

48

A Bug’s Life Story of a Solaris 0day 2001-2019 Marco Ivaldi <[email protected]> #INFILTRATE19, Miami Beach

Upload: others

Post on 09-Oct-2020

0 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

A Bug’s LifeStory of a Solaris 0day 2001-2019

Marco Ivaldi <[email protected]>

#INFILTRATE19, Miami Beach

A Bit of Background

Source: https://www.computerhistory.org/timeline/1995/

How to Write Buffer Overflows (1995): https://insecure.org/stf/mudge_buffer_overflow_tutorial.htmlSmashing the Stack for Fun and Profit (1996): http://phrack.org/issues/49/14.html

Source: https://www.exploit-db.com/?author=315&platform=solaris

Source: https://seclists.org/bugtraq/2004/Dec/401

Source: https://web.archive.org/web/20030323044416/http://www.0dd.com:80/

Once Upon a Time in 2004

Source: https://www.computerhistory.org/timeline/2004/

Source: https://en.wikipedia.org/wiki/SPARC#/media/File:Sun_UltraSPARCII.jpg

Source: 0dd private mailing list (February 2004)

Source: 0dd private mailing list (February 2004)

Source: @stake 0day pack (November 2004)

Source: https://sourceforge.net/p/cdesktopenv/wiki/Home/

Source: @stake 0day pack (November 2004)

Source: email exchange with Dave (November 2004)

Unexpected News in 2005

Source: https://www.computerhistory.org/timeline/2005/

Source: email exchange with Dave (October 2005)

Fast Forward to 2017

Source: https://xkcd.com/1513/

Source: https://www.famousbirthdays.com/year/2001.html

The Bug

Source: Mr. Bug from the Happy! TV Series (SyFy)

Source: dtprintinfo28.tar in @stake 0day pack

dtprintex.c lpstat.c

Source: truss -fae /usr/dt/bin/dtprintinfo

Source: man lpstat

Source: truss -u '*' -u '!libc' -fae ./raptor_dtprintname_poc

Source: truss -u a.out -u 'libDtSvc : :' -u 'libc : *printf,*scanf,strdup' -fae ./raptor_dtprintname_poc

Source: IDA disassembly of dtprintinfo

Source: programs/dtprintinfo/UI/DtPrinterIcon.C in cde-src-2.3.0.tar.gz

Source: email exchange with Dave (January 2019)

The Exploit

Source: https://0xdeadbeef.info/stuff/ralphy.jpg

Source: raptor_dtprintname_intel.c

Source: pmap -x 1020

Source: raptor_dtprintname_intel.c

Source: raptor_dtprintname_intel.c

Source: raptor_dtprintname_intel.c

Source: raptor_dtprintname_intel.c

Source: raptor_dtprintname_intel.c

Source: https://twitter.com/0xdea/status/579210295496871936

The Sky is not Falling

Source: #INFILTRATE2019 swag

Source: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html

Final Remarks

No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess.

No “cybers” were harmed in the making of this presentation.

Source: https://paulbellamy.com/vulnerability-name-generator/

Question Time

https://0xdeadbeef.info

https://github.com/0xdea

https://twitter.com/0xdea

[email protected]

Source: Mr. Bug from the Happy! TV Series (SyFy)

A Bug’s Life - Headwaters Science Institute · 2020. 7. 7. · A Bug’s Life By: Ameenah, Ellen, Neil, and Sarina . Introduction ! Imagine seeing everything as pixels? How could

Cybercrime & Cybersecurityunctad.org/meetings/en/SessionalDocuments/Cybercrime and Cybers… · Introductory Remarks • Inherently transnational crime –e.g. transatlantic bomb

A BUG’S LIFE - Columbia Universitymengu/Projects_files/Bugs_life... · 2008. 11. 12. · A BUG’S LIFE How the Bug’s world was captured By Mengu Sukan (ms3774) Swati Kumar (sak2144)

Tamagotchi Hacking - Chaos Computer Club · Tamagotchi Hacking Were Harmed in the Making of this Presentation Many Tamagotchis Even More Tamagotchis Were Harmed in the Making of this

NATIONAL STRATEGY FOR TRUSTED IDENTITIES IN ...obamawhitehouse.archives.gov/.../NSTICstrategy_041511.pdfnaTional ST raTE gy for Tru STE d idEnTiTiES in CybErS paCE 2 The Strategy’s

Chairman - United Nations Office for Outer Space Affairs · CYBERS satellite imagery is available as open access in China, Latin America and Africa. The United States has announced

Listener Feedback #92 - Steve Gibson · 2010. 5. 22. · want to say "killer" because no dogs were harmed. Steve: No dogs were harmed. And it's unfortunate that that's what - and

JUST FOR KIDS SUMMER CAMP 2016 - International Schoolbist.ge/uploads/tinymce/documents/summer camp.pdf · • It’s a Bug’s Life • Inside Your Outside • Mad Scientists •

Intro to Linux *No animals were harmed in the making of this presentation

through a microscope. We will be watching a Bug’s life and

Tights Were Harmed in the Creation of This Comic :

Consumers Are Confused and Harmed: The Case for …financialplanningcoalition.com/wp-content/uploads/2014/06/...CONSUMERS ARE CONFUSED AND HARMED: THE CASE FOR REGULATION OF FINANCIAL

List of the Harmed - Pennsylvania Alliance for Clean Water and Air · 2012. 12. 10. · List of the Harmed Online at as of December 9th, 2012- The following is an ever-growing

Fortinet: NG Firewall - Orditech - SSIIevents.orditech.be/wp-content/uploads/2016/06/Solutions-de-cybers... · Fortinet: NG Firewall Presenting a Secure Eco System Pieter-Jan Blaton

INFOGRAPHIC: No Animals Were Harmed

Cybers 2 Satellites

A LADY BUG’S ADVENTURE Britney Beck

Iwwv.icvolunteers.org/files/report_wg_mali_2005.doc · Web viewles cybers volontaires d’ICV qui participent au développement des compétences des ressources humaines et au renforcement

Cybers security IBM

Altruism, Favoritism, and Guilt in the Allocation of ...papers.economics.ubc.ca/legacypapers/rosenzweig.pdf · more guilt if they have harmed a family member than if they have harmed

Cybers ty (E X) Working Group - National Association of ... · PDF fileThe final regulation went ... The CISO is required to periodically report to the board of directors of an

No Patient Harmed from Post-op Opoids

KIND AFFECT AND SLOW PROCESSING: HOW RESTORATIVE …Community of support is offered person who did the harmed and person who was harmed • Wrongdoing addressed in how people were

Riverside Kids Zone Riverside Kids Club - Clover Sitesstorage.cloversites.com/riversidecommunitychurch1/documents... · Ants and Grasshoppers—Watch the clip from the movie A Bug’s

A Bug’s Life in the Columbia Slough › web stores › data libraries...A Bug’s Life in the Columbia Slough Handbook of Aquatic Invertebrates and Macroinvertebrate Monitoring in

List of the Harmed - WordPress.com...The following is an ever-growing list of the individuals and families that have been harmed by fracking (or shale gas production) in the US. Should

ostal Bulletin 22556, October 8, 2020. Protecting the ...Security architecture. In short, the Deputy CISO portfolio’s top priority is to develop and oversee the cybers ecurity strategies,

Friends of the Harmed: Shalefield Stories

C HARMED BOOT CAMP EDITION Session I – Social Skills August 12, 2014

SLUG HEADAnnE itiEr bUGAtti A BUG’S LIFE Bugs life Copyright Octane.pdf · 42 MONTH 2013 OCTANE OCTANE MONTH 2013 43 SLUG HEADAnnE itiEr bUGAtti A BUG’S LIFE French racer Anne-Cécile

Ideas that have harmed mankind

Bug’s eye view examples

Majority of Brits harmed by other people’s drinking - IAS · Majority of Brits harmed by other people’s drinking. JULY 2015 UK Alcohol Alert incorporating Alliance News July 2015

List of the Harmed - Permanent Peoples' Tribunal€¦ · The following is an ever-growing list of the individuals and families that have been harmed by fracking (or shale gas production)

GDPR Compliance with HyTrust - CYBERS · Affects a range of technology systems including data storage and collection, data encryption, and frameworks for privacy processes (through