Re: Historical Bugtraq Question

From: Alfred Huger (ahat_private)
Date: Fri Oct 01 1999 - 09:46:20 PDT


    On Fri, 1 Oct 1999, Joshua R. Poulson wrote:
    
    > If memory serves, the first widely-publicized buffer overflow exploit
    > involved a program called "fingerd" in the misty mists of time.
    
    Yep, Morris used it in his worm in 89. Bugtraq was born in 93. Let me
    clarify what I was asking a little.
    
     I do in fact think RTM was the first use of a buffer overflow in the 'wild'
    per se, at least so far as it was documented (read: he got caught). The
    paper I am hoping to write is actually going to be based on Bugtraq (1993-1999)
    and the impact it has had on the 'popular' buffer overflow. My assertion is
    that at least so far as Bugtraq is concerned the proliferation of the
    buffer overflow did not become a reality until the Splitvt bug was posted
    in 95. Afterwards dozens of exploits followed in fairly short order all
    based off the shell code in splitvt. Following that Aleph1's paper caused
    another family of shell code to flood the list (X86 shell code in any
    event). I believe that this focus on overflows was responsible for the
    majority of the shell code in use today both X86 and otherwise (MIPS/SPARC
    etc.).
    
     The paper is actually not solely geared around buffer overflows, but on
    Bugtraq in general. My goal is to see if Bugtraq has a tangible effect on
    the industry over the last 6 years of its existence. My current assertion
    is that it has had a significant impact, both positive and negative.
    
    
     As points of interest, I am aware that a number of buffer overflows were
    available before Bugtraq, or at least outside of Bugtraq. Including Mudge's
    BSDI Syslog overflow posted to l0pht.com in November of 95 as well as a
    sundry of other exploits available via the CORE and Zardoz mailing lists
    which were pre-Bugtraq. The majority of these, if I remember correctly
    were for SunOS and included some or at least one widely used buffer
    overflow (rdist).
    
    I am not planning on releasing the paper itself for quite some time; any
    direction or advice you might suggest would be deeply appreciated.
    
    
    -al.
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:20 PDT