[LUAU] get ready for apple security bugs

Jim Thompson jim at netgate.com
Wed Nov 1 13:51:16 PST 2006


On Nov 1, 2006, at 11:43 AM, Tim Newsham wrote:

>>> My understanding is that HDM found a vulnerability independently
>>> and implemented an exploit for it.
>>
>> Phleeze.   It's the same old "send a malformed IE in a probe
>> response (or beacon) frame" crapfest that was in the Maynor/Ellch
>> "exploit".
>
> sure, but since maynor wasn't telling, HDM had to write his own fuzzer
> to identify the vulnerability and develop an exploit.  Hence
> "independently."  Much as Apple did when identifying similar issues.

Apple's approach was prophylactic.   There wasn't actually an
exploitable hole there, it was just people reading the code and
wondering (out loud) if "this could happen".  It was a bunch of "let's
make sure the IE can't be too long" crud.   It had ZERO net effect.

Otherwise, you would see the exact same exploits (other than changing
the position of the code that overwrites ETX) on FreeBSD.

Which you don't.   Care to wonder why?

Note that the HDM exploit doesn't work if you've got the card in the
normal operating mode (where the on-card firmware interprets the
probe response frames).

>
>>> Not sure what this has to do with Maynor not letting it drop...
>> The Krebs connection.  He's trying to get some respect after
>> dropping the ball (on his foot) over the whole Maynor/Ellch affair.
>
> So it's not Maynor not letting it drop?

No, it's Krebs.

And maybe a bit of Ellch.   Maynor has had a rag stuffed in his mouth.
