Reply to post: Highlights of ProjectZero writeup

FireEye flamed: A single email will grant total network access

Anonymous Coward

Highlights of ProjectZero writeup

Your author here wonders in what world a 'security' vendor employee or subcontractor ever considered it sensible to attempt to execute data/code which arrives in an untrustworthy manner. Still, what do I know.

The highlights (from my point of view) of the ProjectZero writeup are the following; the full thing is at

http://googleprojectzero.blogspot.com.au/2015/12/fireeye-exploitation-project-zeros.html

"by sending a JAR across the network, we can get the FireEye to execute it simply by pretending to use string obfuscation."

[ ... ]

"we were eventually able to construct a class that JODE would execute, and used it to invoke java.lang.Runtime.getRuntime().exec(), which allows us to execute arbitrary shell commands. This worked during our testing, and we were able to execute commands just by transferring JAR files across the passive monitoring interfaces."

[ ... ]

"Just find an exploit that provides privilege escalation on the FireEye, and the machine is yours:

"now we’re root, with complete control of the FireEye machine. We can load a rootkit, persist across reboots or factory resets, inspect or modify traffic, or perform any other action."

[ ... ]

Nice writeup of a nice find. And at least FireEye fixed it in a timely fashion.

Who's doing a similar kind of bug-hunting job for safety-critical software (e.g. the Toyota uncommanded acceleration case is one of the more public examples)?

http://betterembsw.blogspot.co.uk/2014/09/a-case-study-of-toyota-unintended.html

If the answer is "nobody is doing it", does it matter?
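The complaint in the post above is that data arriving over the wire was handed to something that executed it. As an added example (not code from Project Zero, FireEye or JODE), the Python below shows the opposite habit: inspect a JAR's class files statically by parsing each one's constant pool and reporting method references on a watchlist, without ever loading a class into a JVM. The sample JAR, the watchlist and every function name here are constructed for the example.

```python
"""Inspect a JAR's classes without loading them: parse each class file's
constant pool and flag method references on a watchlist.
Added example for this thread; the sample JAR and watchlist are constructed."""
import io
import struct
import zipfile

# Constant-pool tags from the JVM class file specification.
CONSTANT_UTF8, CONSTANT_CLASS = 1, 7
CONSTANT_METHODREF, CONSTANT_INTERFACE_METHODREF, CONSTANT_NAME_AND_TYPE = 10, 11, 12
# Payload size in bytes (after the one-byte tag) of every fixed-size entry.
FIXED_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# (owner class, method name) pairs worth knowing about; constructed watchlist.
WATCHLIST = {("java/lang/Runtime", "exec"), ("java/lang/ProcessBuilder", "<init>")}


def parse_constant_pool(data: bytes) -> dict:
    """Return {index: (tag, payload)} for the constant pool of a class file."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack(">H", data[8:10])
    pool, off, i = {}, 10, 1
    while i < count:
        tag = data[off]
        off += 1
        if tag == CONSTANT_UTF8:
            (length,) = struct.unpack(">H", data[off:off + 2])
            off += 2
            pool[i] = (tag, data[off:off + length].decode("utf-8", "replace"))
            off += length
        elif tag in FIXED_SIZES:
            size = FIXED_SIZES[tag]
            pool[i] = (tag, data[off:off + size])
            off += size
            if tag in (5, 6):  # long and double occupy two pool slots
                i += 1
        else:
            raise ValueError(f"unknown constant tag {tag} at offset {off - 1}")
        i += 1
    return pool


def referenced_methods(pool: dict) -> list:
    """Resolve every Methodref/InterfaceMethodref to 'owner.name:descriptor'."""
    def utf8(idx):
        tag, value = pool[idx]
        if tag != CONSTANT_UTF8:
            raise ValueError(f"pool[{idx}] is not Utf8")
        return value
    refs = []
    for tag, payload in pool.values():
        if tag in (CONSTANT_METHODREF, CONSTANT_INTERFACE_METHODREF):
            class_idx, nat_idx = struct.unpack(">HH", payload)
            (owner_idx,) = struct.unpack(">H", pool[class_idx][1])
            name_idx, desc_idx = struct.unpack(">HH", pool[nat_idx][1])
            refs.append(f"{utf8(owner_idx)}.{utf8(name_idx)}:{utf8(desc_idx)}")
    return refs


def scan_jar(jar_bytes: bytes) -> dict:
    """Map each .class entry in the JAR to its watchlisted method references."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            hits = []
            for ref in referenced_methods(parse_constant_pool(jar.read(name))):
                owner, rest = ref.split(".", 1)  # internal names use '/', never '.'
                if (owner, rest.split(":", 1)[0]) in WATCHLIST:
                    hits.append(ref)
            findings[name] = hits
    return findings


# --- constructed sample input: valid constant pools, no methods, never loaded ---
def _utf8(s): return bytes([CONSTANT_UTF8]) + struct.pack(">H", len(s)) + s.encode()
def _class(name_idx): return bytes([CONSTANT_CLASS]) + struct.pack(">H", name_idx)
def _nat(n, d): return bytes([CONSTANT_NAME_AND_TYPE]) + struct.pack(">HH", n, d)
def _methodref(c, nat): return bytes([CONSTANT_METHODREF]) + struct.pack(">HH", c, nat)


def _class_file(entries, this_idx, super_idx) -> bytes:
    """Header, constant pool, then empty interface/field/method/attribute tables."""
    header = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, len(entries) + 1)
    trailer = struct.pack(">HHHHHHH", 0x0021, this_idx, super_idx, 0, 0, 0, 0)
    return header + b"".join(entries) + trailer


def build_sample_jar() -> bytes:
    suspicious = _class_file([
        _utf8("java/lang/Runtime"), _class(1),                                            # 1-2
        _utf8("getRuntime"), _utf8("()Ljava/lang/Runtime;"), _nat(3, 4), _methodref(2, 5),  # 3-6
        _utf8("exec"), _utf8("(Ljava/lang/String;)Ljava/lang/Process;"), _nat(7, 8),
        _methodref(2, 9),                                                                 # 7-10
        _utf8("java/lang/Object"), _class(11), _utf8("Sample"), _class(13),               # 11-14
    ], this_idx=14, super_idx=12)
    benign = _class_file([
        _utf8("java/lang/Object"), _class(1), _utf8("<init>"), _utf8("()V"), _nat(3, 4),
        _methodref(2, 5), _utf8("Benign"), _class(7),                                     # 1-8
    ], this_idx=8, super_idx=2)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Sample.class", suspicious)
        jar.writestr("Benign.class", benign)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, hits in scan_jar(build_sample_jar()).items():
        print(entry, "->", hits or "no watchlisted calls")
```

The parser stops at the constant pool, which is all that is needed to see which methods a class can call; nothing in the JAR is decompiled, deobfuscated or run, and a malformed entry raises an error rather than being "helped along". A real monitor would extend the watchlist and also walk bytecode for reflection, but the point for this thread is that the inspection path never hands control to the sample.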


Biting the hand that feeds IT © 1998–2019