a bug’s life - immunity inc...final remarks no fancy name or logo were assigned to this...
TRANSCRIPT
![Page 1: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/1.jpg)
A Bug’s LifeStory of a Solaris 0day 2001-2019
Marco Ivaldi <[email protected]>
#INFILTRATE19, Miami Beach
![Page 2: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/2.jpg)
![Page 3: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/3.jpg)
A Bit of Background
Source: https://www.computerhistory.org/timeline/1995/
![Page 4: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/4.jpg)
How to Write Buffer Overflows (1995): https://insecure.org/stf/mudge_buffer_overflow_tutorial.htmlSmashing the Stack for Fun and Profit (1996): http://phrack.org/issues/49/14.html
![Page 5: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/5.jpg)
Source: https://www.exploit-db.com/?author=315&platform=solaris
![Page 6: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/6.jpg)
Source: https://seclists.org/bugtraq/2004/Dec/401
![Page 7: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/7.jpg)
Source: https://web.archive.org/web/20030323044416/http://www.0dd.com:80/
![Page 8: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/8.jpg)
Once Upon a Time in 2004
Source: https://www.computerhistory.org/timeline/2004/
![Page 9: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/9.jpg)
Source: https://en.wikipedia.org/wiki/SPARC#/media/File:Sun_UltraSPARCII.jpg
![Page 10: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/10.jpg)
Source: 0dd private mailing list (February 2004)
![Page 11: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/11.jpg)
![Page 12: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/12.jpg)
Source: 0dd private mailing list (February 2004)
![Page 13: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/13.jpg)
Source: @stake 0day pack (November 2004)
![Page 14: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/14.jpg)
Source: https://sourceforge.net/p/cdesktopenv/wiki/Home/
![Page 15: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/15.jpg)
Source: @stake 0day pack (November 2004)
![Page 16: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/16.jpg)
Source: email exchange with Dave (November 2004)
![Page 17: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/17.jpg)
Unexpected News in 2005
Source: https://www.computerhistory.org/timeline/2005/
![Page 18: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/18.jpg)
Source: email exchange with Dave (October 2005)
![Page 19: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/19.jpg)
Fast Forward to 2017
![Page 20: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/20.jpg)
![Page 21: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/21.jpg)
Source: https://xkcd.com/1513/
![Page 22: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/22.jpg)
![Page 23: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/23.jpg)
Source: https://www.famousbirthdays.com/year/2001.html
![Page 24: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/24.jpg)
The Bug
Source: Mr. Bug from the Happy! TV Series (SyFy)
![Page 25: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/25.jpg)
Source: dtprintinfo28.tar in @stake 0day pack
dtprintex.c lpstat.c
![Page 26: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/26.jpg)
Source: truss -fae /usr/dt/bin/dtprintinfo
![Page 27: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/27.jpg)
Source: man lpstat
![Page 28: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/28.jpg)
![Page 29: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/29.jpg)
Source: truss -u '*' -u '!libc' -fae ./raptor_dtprintname_poc
![Page 30: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/30.jpg)
Source: truss -u a.out -u 'libDtSvc : :' -u 'libc : *printf,*scanf,strdup' -fae ./raptor_dtprintname_poc
![Page 31: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/31.jpg)
Source: IDA disassembly of dtprintinfo
![Page 32: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/32.jpg)
Source: programs/dtprintinfo/UI/DtPrinterIcon.C in cde-src-2.3.0.tar.gz
![Page 33: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/33.jpg)
Source: email exchange with Dave (January 2019)
![Page 34: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/34.jpg)
The Exploit
Source: https://0xdeadbeef.info/stuff/ralphy.jpg
![Page 35: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/35.jpg)
Source: raptor_dtprintname_intel.c
![Page 36: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/36.jpg)
Source: pmap -x 1020
![Page 37: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/37.jpg)
Source: raptor_dtprintname_intel.c
![Page 38: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/38.jpg)
Source: raptor_dtprintname_intel.c
![Page 39: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/39.jpg)
Source: raptor_dtprintname_intel.c
![Page 40: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/40.jpg)
Source: raptor_dtprintname_intel.c
![Page 41: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/41.jpg)
Source: raptor_dtprintname_intel.c
![Page 42: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/42.jpg)
Source: https://twitter.com/0xdea/status/579210295496871936
![Page 43: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/43.jpg)
The Sky is not Falling
![Page 44: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/44.jpg)
Source: #INFILTRATE2019 swag
![Page 45: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/45.jpg)
Source: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
![Page 46: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/46.jpg)
Final Remarks
No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess.
No “cybers” were harmed in the making of this presentation.
Source: https://paulbellamy.com/vulnerability-name-generator/
![Page 47: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/47.jpg)
![Page 48: A Bug’s Life - Immunity Inc...Final Remarks No fancy name or logo were assigned to this vulnerability. We’ll make do with a CVE number, I guess. No “cybers” were harmed in](https://reader034.vdocuments.us/reader034/viewer/2022052103/603d43e212628f19742e0095/html5/thumbnails/48.jpg)
Question Time
https://0xdeadbeef.info
https://github.com/0xdea
https://twitter.com/0xdea
Source: Mr. Bug from the Happy! TV Series (SyFy)