Security vulnerabilities explained

Scotsman
Site Admin


Joined: 03 Aug 2004
Posts: 705
Location: MadWolf Software

Posted: Wed Sep 07, 2005 8:23 am    Post subject: Security vulnerabilities explained

Watching the Palace mail lists, some have been trying to explain what the previously posted security alert actually means. I'm going to make an attempt to explain what this type of exploit is and does in simple terms here, and why it is so dangerous.

Note: this type of thing can happen with any old unsupported software, not necessarily just Palace. Palace is just one that has been reported and is in the realm of my expertise, so I will stick to what I know.

What it really boils down to is a bug in the Palace client when it processes a Palace URL (i.e. palace://). What happens is the Palace doesn't check the length of the URL it is being given and places it into its processing buffer. If the URL is malicious and coded to be longer than the processing buffer, it can have binary code attached to the end that, if formed correctly, will execute, thus allowing the cracker to download anything they want, scrap a hard drive, or anything else.

What makes this even more dangerous is that you don't have to be in Palace for this exploit to be used. The malicious URL could be on a website (including forums like this one, blogs, email, anything that can pass a URL); when clicked, it would cause Palace to launch and thus your machine would be hacked. Just having Palace installed thus opens your computer to this vulnerability.
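The unchecked-copy pattern the post describes, placed beside a length-checked handler, as an added illustration that is not code from the original post or from the Palace client. The buffer size (64 bytes), the scheme check, the sample URLs and every function name here are assumptions constructed for the example; the real client's buffer size is not given on the page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the client's URL processing buffer (constructed value;
 * the real Palace client's buffer size is not stated in the post). */
#define URL_BUF_SIZE 64

/* Bounded strlen: never scans more than max bytes of s. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Returns 1 if copying url into a URL_BUF_SIZE buffer with strcpy would
 * write past its end (the defect the post describes), else 0. */
int url_would_overflow(const char *url)
{
    /* URL_BUF_SIZE bytes hold at most URL_BUF_SIZE - 1 chars plus '\0'. */
    return bounded_len(url, URL_BUF_SIZE) >= URL_BUF_SIZE;
}

/* The unchecked pattern: the URL's length is never compared with the
 * buffer, so a longer URL overwrites whatever follows buf on the stack.
 * Kept only to show the shape of the bug; it is guarded by
 * url_would_overflow() and never run on an over-long input. */
static void handle_url_unchecked(const char *url)
{
    char buf[URL_BUF_SIZE];
    strcpy(buf, url);
    printf("unchecked handler processed: %s\n", buf);
}

/* Hardened handler: check the scheme and the length before copying.
 * Returns 0 on success, -1 if the URL is rejected. */
int handle_url_checked(const char *url, char *out, size_t out_size)
{
    static const char scheme[] = "palace://";
    if (url == NULL || out == NULL || out_size == 0)
        return -1;
    if (strncmp(url, scheme, sizeof scheme - 1) != 0)
        return -1;                       /* not a palace:// URL */
    size_t len = bounded_len(url, out_size);
    if (len >= out_size)
        return -1;                       /* no room for the terminator */
    memcpy(out, url, len + 1);           /* copies the '\0' too */
    return 0;
}

/* Constructs a palace:// URL of total length n (clamped to dst_size - 1),
 * padded with 'A'. Sample input for the demo, not a real URL. */
static void make_long_url(char *dst, size_t dst_size, size_t n)
{
    const char *scheme = "palace://";
    size_t slen = strlen(scheme);
    if (n >= dst_size) n = dst_size - 1;
    if (n < slen) n = slen;
    memcpy(dst, scheme, slen);
    memset(dst + slen, 'A', n - slen);
    dst[n] = '\0';
}

/* A normal-sized URL passes both checks; returns 1 on the expected outcome. */
int demo_short_url_accepted(void)
{
    const char *url = "palace://example.invalid:9998"; /* constructed sample */
    char out[URL_BUF_SIZE];
    if (url_would_overflow(url))
        return 0;
    if (handle_url_checked(url, out, sizeof out) != 0)
        return 0;
    return strcmp(out, url) == 0;
}

/* A 200-byte URL is flagged by url_would_overflow() and refused by the
 * checked handler, so the unchecked handler is never reached. */
int demo_long_url_rejected(void)
{
    char url[256];
    char out[URL_BUF_SIZE];
    make_long_url(url, sizeof url, 200);
    return url_would_overflow(url) == 1
        && handle_url_checked(url, out, sizeof out) == -1;
}

/* A non-palace scheme is also refused by the checked handler. */
int demo_wrong_scheme_rejected(void)
{
    char out[URL_BUF_SIZE];
    return handle_url_checked("http://example.invalid/", out, sizeof out) == -1;
}

int main(void)
{
    printf("short url accepted:    %d\n", demo_short_url_accepted());
    printf("long url rejected:     %d\n", demo_long_url_rejected());
    printf("wrong scheme rejected: %d\n", demo_wrong_scheme_rejected());
    if (!url_would_overflow("palace://example.invalid:9998"))
        handle_url_unchecked("palace://example.invalid:9998");
    return 0;
}
```

The point of the hardened handler is that the length check happens before any byte is written: `bounded_len` never reads past the destination size, and the copy is only performed when the whole string plus its terminator fits. The scheme check is a separate, cheaper rejection that stops unrelated input from reaching the parser at all.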
Rhonk



Joined: 03 Aug 2004
Posts: 36
Location: St. Peters, MO

Posted: Wed Sep 07, 2005 8:37 pm    Post subject: Javascript

Forgot to mention an automated Javascript link...

Throw some Javascript code to open the palace:// URL and poof.

Only thing is it takes a somewhat decent coder to figure out all the lovely ways to do things. Which, if this had been a Microsoft product, would be 3-6 hours after the patch arrives on Windows Update and would take about a month and a half for everyone to realize "I should've updated sooner!"

Words of wisdom? Update! Update! Update!

Windows may not be the most secure OS, but what is these days? It's just a high-priority target. One could write a Perl script for MacOS X, Linux, and UNIX which does 100% the same thing and have it run (with user interaction, of course). But needless to say, when a security issue arises, don't wait! Most OS patches are seemingly large but worth the wait if you have dial-up. At least you don't need to download a patch cluster that ranges between 200MB and 400MB just for a single patch update... Pardon my reference to Sun's lack of security support without payment.

This has been a public service announcement by Ephemeris Second.
_________________
-Erik "Rhonk" Arnson