[Dailydave] tech writeup on VML and the ZERT patch
Gadi Evron
ge at linuxbox.org
Wed Oct 4 14:53:24 Local tim 2006
We at ZERT released a paper on the VML vulnerability and how the ZERT
patch worked (technical + ASM/C code). It can be found here:
http://zert.isotf.org/papers/vml-details-20060928.pdf
I just answered some guy on FD/other places on this subject, and figured
re's here may be interested. Quoting:
"Our (ZERT's) VML patch was what you refer to as "real". There was space
issue with not enough bytes to play with, so Gil Dabah, one of our
members, re-wrote the vulnerable function in Yasm, compiled it, and
hard-coded the compiled code into the binary, with room to spare, saving
functionality. Code crunching is back in style. :)"
Thanks,
Gadi.
More information about the Dailydave
mailing list