Shellcode and format string vulnerabilities?

views:

answers:

+2 Q:

Shellcode and format string vulnerabilities?

Hi,

Here at my job, we have a lot of machines running RH 9, RH Enterprise 3 and some older Linux tastes. As I read about the "format string vulnerability" and "shellcode", I would like to know how to see if that Linux are vulnerable to these kinds of attack (without running the attacks itself)...

Thanks for help!

Get a list of the installed applications on the computer and their respective versions. Then go to a security database website and see if you can find any of the installed applications on their list.

karlphillip 2010-07-28 17:38:19

wow, this is very inefficient.

Rook 2010-07-28 17:42:33

And it won't always be correct. Some distros patch up old versions, so even if the version matches, it may have a patch which fixes the vulnerability.

Daenyth 2010-07-28 17:51:24

+1 A:

First of all a shellcode is not a vulnerably. Shellcode is a small bit of executable code that is a payload delivered by a memory corruption vulnerability like a dangling pointer or buffer overflow. Modern Linux systems are very difficult to exploit.

What you need to do is run a yum upgrade and then you should be good. Just keep your system up to date and thats all you have to worry about. If you want to see if a system is remotely exploitable then should run OpenVAS against that system. If you want to exploit a system, and run shellcode of your choice then you can use the Metasploit framework.

Rook 2010-07-28 17:38:33

Ok, I will try thatThanks !

Leonardo Rocha 2010-07-28 18:21:34

@Leonardo Rocha btw rh3 isn't a modern system, it is likely that they are easier to exploit and if redhat is no longer supporting it, then `yum upgrade` will fail you should upgrade these systems. Also this is a question for serverfault, not stackoverflow.

Rook 2010-07-28 18:23:16

ansaurus

tags:

views:

answers:

Shellcode and format string vulnerabilities?

related questions