What are some low level vulns?

Alan Turing · 05-07-2014, 10:58 PM

Buffer overflow
Stack Overflow
Format String Exploits
Heap Overflows

Surely there has to be more than just these, but I can never seem to find them?

misnar · 05-07-2014, 10:59 PM

gentoo-based ROP using kernel time signatures.

Alan Turing · 05-07-2014, 11:02 PM

(05-07-2014, 10:59 PM)misnar Wrote: gentoo-based ROP using kernel time signatures.

what the actual fuck is that

w00t · 05-08-2014, 01:30 AM

Race conditions, improper branching, bad casting, memory leaks....

xornull · 05-08-2014, 04:30 AM

the good one is a race hazard

Alan Turing · 05-11-2014, 02:01 PM

(05-08-2014, 04:30 AM)xornull Wrote: the good one is a race hazard

That's race conditioning is it not?

Merkuri · 07-18-2014, 10:45 PM

Integer overflow - Integer overflow is the result of trying to place into computer memory an integer hat is too large for the integer data type in a given system. I think there was such vulnerability in Adobe Flash before a few mouths(or years not sure).
You may like this page http://phrack.org/issues/60/10.html#article
But in my opinion the most recent vulnerability is wrong programming logic.
For example let's say that you have to check if a number is >= 0 and < 1000000 in C++ you will implement it like this:

Code:
if(number <= 0 || number > 1000000){

Do something

}

But a lot of programmers make this mistake:

Code:
if(number < 0 || number > 1000000){

Do something

}

Now the user can provide 0 as value, and the program may go wrong.

What are some low level vulns?
Author Message