[fuzzing] When Ax1024 isn?t enough
discojonny at gmail.com
Wed Nov 8 05:34:49 CST 2006
> Recently, h07 published a vulnerability in Easy File Sharing FTP
> Server. Apparently a simple buffer overflow in the PASS command. This
> vulnerability is a nice example where fuzzing won't cut it.
christ, someone needs a clue.
with 2 stage fuzzing (yeah not even proper reactive fuzzing) you would
know that the comma would throw the code into a different state from
> A fuzzer will usually take a legal FTP session, and will try to overflow
> interesting sections. The password field is a prime candidate, but the
> problem is, if you test for a simple overflow you'll just send many 'A'
> characters or something similar. This is because fuzzers tend to look for
> the coin under the street-light.
This is not a fuzzer this a very limited buffer length checker. and
yeah that probably wont find it and if it did it would have to have
been from heuristics
> This is not done due
> to programmer lazyness, this is due to the sheer amount of possibilities
> to check.
dont they teach maths and computer science anymore? I actually think
this is down to programmers incompetence, and not actually
understanding the task the are trying to write a program to automate.
This is very very common problem with programmers.
>FTP is a relatively simple protocol, but with vendor extensions
> it has dozens of commands. Checking every command for vulnerabilities
> could take a long time, and with network considirations we're talking
> weeks and months of continous bombardment on the target server.
riiiiiiiiiiiiiiiight. if you have 1 server and 1 test pc. yeah,
maybe. anyone who tests like that though will need a lot more help
than a fuzzer. I see no mention of actually calculating the input
space, just that it might take a long time to test..
anyway i guess i better stop, I guess people just dont want to understand.
More information about the fuzzing