NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0255 Dangling Pointers More Dangerous Than Thought:


An issue largely ignored because its security risk was considered only theoretical may soon become a significant and dangerous one, according to web application security vendor Watchfire, Inc. The company has developed proof-of-concept code that, it says, turns what is generally seen as a relatively benign coding flaw, known as a dangling pointer, into a remote code execution attack. Like buffer overflows, dangling pointers can exist in a large number of software products. Watchfire, which was recently acquired by IBM, is set to demonstrate its attack code against a vulnerability in Microsoft's IIS 5.1 server software at next week's Black Hat conference in Las Vegas.

Programs written in C and C++ use pointers to refer to locations in memory where objects such as a string, a number or an array live. A pointer becomes dangling when the object it refers to is freed or destroyed while the pointer itself remains in use by the program. Though the condition is well understood, dangling pointers have for the most part been treated as a software quality issue (a source of crashes) rather than a security risk.

To exploit one, an attacker needs either to alter the pointer so that it refers to memory where attacker-supplied content has been placed, or to refill the freed memory the pointer still references with attacker-controlled content, so that the program's next use of the stale pointer acts on data, such as a function pointer, that the attacker chose. Watchfire's remotely exploitable attack code shows that dangling pointers can be every bit as dangerous as buffer overflows, and because pointers are ubiquitous in C and C++ code, the flaw can be nearly as widespread.

(ComputerWorld 23Jul07)
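The mechanism summarized above, shown as an added example for this digest; it is not Watchfire's proof-of-concept and has nothing to do with IIS. The slab allocator, the session_t object and the attacker's request are all constructed for the demonstration: a tiny LIFO allocator is used so that the freed chunk is handed back to the next same-sized request deterministically (real allocators commonly behave this way, which is what makes the attack practical, but do not guarantee it). The vulnerable flow frees the object but keeps the stale reference, and a later read through it sees the attacker's bytes where the function pointer used to be; the hardened flow clears the reference at the point of destruction and refuses the use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed fixed-size LIFO slab allocator: a freed slot is always
 * returned to the next request of the same size, so the reuse below
 * is deterministic. */
#define SLOT_SIZE 32
#define NSLOTS 4
static unsigned char slab[NSLOTS][SLOT_SIZE];
static int free_stack[NSLOTS];
static int free_top;

static void slab_reset(void) {
    free_top = 0;
    for (int i = NSLOTS - 1; i >= 0; i--) free_stack[free_top++] = i;
    memset(slab, 0, sizeof slab);
}
static void *slab_alloc(size_t n) {
    if (n > SLOT_SIZE || free_top == 0) return NULL;
    return slab[free_stack[--free_top]];
}
static void slab_free(void *p) {
    free_stack[free_top++] = (int)(((unsigned char *)p - slab[0]) / SLOT_SIZE);
}

/* Heap object whose first field is a function pointer, the same shape
 * as a C++ object's vtable pointer. Sized to fill one slot exactly. */
typedef struct {
    void (*handler)(const char *);
    char name[SLOT_SIZE - sizeof(void (*)(const char *))];
} session_t;

static void greet(const char *who) { printf("hello %s\n", who); }

static session_t *current;   /* long-lived reference held by the program */

static session_t *session_new(const char *name) {
    session_t *s = slab_alloc(sizeof *s);   /* never fails in this demo */
    s->handler = greet;
    strncpy(s->name, name, sizeof s->name - 1);
    s->name[sizeof s->name - 1] = '\0';
    return s;
}

/* Constructed attacker step: a same-sized request filled with 'A' bytes
 * lands in the slot the session just vacated. */
static void attacker_reclaims_slot(void) {
    unsigned char *req = slab_alloc(SLOT_SIZE);
    if (req) memset(req, 0x41, SLOT_SIZE);
}

/* Vulnerable: the object is destroyed but `current` still points at its
 * slot. Returns the handler value a later call would go through. */
uintptr_t vulnerable_flow(void) {
    slab_reset();
    current = session_new("alice");
    slab_free(current);               /* object destroyed ... */
    attacker_reclaims_slot();         /* ... slot refilled by the attacker */
    return (uintptr_t)current->handler;   /* stale read: all 0x41 bytes */
}

/* Hardened: destruction also clears the reference, and the use checks it.
 * Returns 1 if the use was refused, 0 if the handler ran. */
static void session_destroy(void) {
    slab_free(current);
    current = NULL;                   /* no dangling reference survives */
}
int hardened_flow(void) {
    slab_reset();
    current = session_new("alice");
    session_destroy();
    attacker_reclaims_slot();
    if (current == NULL) return 1;    /* use refused */
    current->handler(current->name);
    return 0;
}

int main(void) {
    printf("stale handler value: %#lx\n", (unsigned long)vulnerable_flow());
    printf("hardened use refused: %d\n", hardened_flow());
    return 0;
}
```

The vulnerable flow deliberately stops at reading the stale function pointer rather than calling it; in a real program that call is the remote code execution step, since the attacker chose the bytes it jumps to. Clearing the owning reference on destruction is the minimal fix; in larger code bases the same idea is applied by handing out handles that are looked up and validated on every use rather than raw pointers.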



Last Modified: Tuesday, 31-Jul-2007 22:51:25 EDT