bashing your head against nation-state social engineering
Stephan Neuhaus
stephan.neuhaus at tik.ee.ethz.ch
Sun Sep 28 23:58:24 PDT 2014
On 2014-09-28 15:47, Subrosa.io wrote:
> I think this vulnerability should have been discovered with any kind of basic fuzzing.
If I understand the vulnerability correctly, it occurs in very specific
circumstances, namely trailing data at the end of a function definition
that's transported in an environment variable.
In that case, I'd venture that *no* kind of "basic fuzzing" could have
uncovered this; the proportion of ShellShock-inducing environment
variable definitions among all possible environment variables is simply
too small.
What you would need instead is very specific syntax-directed fuzzing,
and even then I'm not sure that you have a decent chance of discovering
this without knowing already that it's there.
Fun,
Stephan
More information about the Testlist
mailing list