Monday, December 29, 2008

The vuln before Christmas

  • T'was the night before Christmas, and all through the net,
  • not a hacker was stirring, not even FX,
  • the servers all hummed in post-purchase daze,
  • to await the deluge of gift-card traffic craze,

  • The VRT was drinking, three sheets to the wind,
  • in order to escape both family and friend,
  • Matt, Shong, and Ryan had all left for sushi,
  • while somewhere some script kiddy was being real douchey,

  • When on Milw0rm was released remote pwn,
  • Patrick sprang to his laptop, picked up his cell phone,
  • we put down our egg nog, relinquished our tumblers,
  • busted out hex editors, checked all the numbers,

  • A file template built, Pat now had the vision,
  • To find oddness in song tempo, and time division,
  • and what in my windbg window should appear,
  • but a #DE error, no int overflow here!

  • Now checking in IDA, and tweaking edx,
  • no memory moved, no additional wrecks,
  • not a vuln at all here! Not nearly the same,
  • I can't believe we stopped drinking for something so lame!

  • The problem's control of four high order bytes,
  • when in simple division the quotient's not right,
  • the value produced must fit inside a DWORD,
  • if the value's too big the proc flips you the bird

  • So we've penned you this poem to put you at ease,
  • and save you the folly, the stress, (or the tease!),
  • so before we get plastered real good and right,
  • Merry Christmas to all and to all a good night!

(* In relation to the Windows Media Player "Integer Overflow" posted to milw0rm on Christmas eve.)

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.