Re: OT: looking for help remembering name/info about security bug
On Tuesday, January 11, 2022 at 17:56, Stan Sieler via cctalk wrote:

> I *think* it was some kind of authentication failure (e.g.,
> incorrectly reporting "ok"), but I'm not sure.
>
> I do know I wrote a several page article about it, and how certain
> coding practices led to it, but I can't *find* the article now :( (not
> published) My guess of 4-6 years ago is possibly narrower than it
> should be, but I'm not sure.

Have you had a squint at the RISKS archives:

http://catless.ncl.ac.uk/Risks/

Major computer-related issues are usually mentioned here, frequently (but not always) with capsule summaries. A search with some of your remembered characteristics might turn up something.

-- Dave
Re: OT: looking for help remembering name/info about security bug
Your description made me think of Goto Fail:

https://www.imperialviolet.org/2014/02/22/applebug.html

> or using logical instead of boolean (or vice versa) logic

I did find this:

https://arstechnica.com/gadgets/2021/07/google-pushed-a-one-character-typo-to-production-bricking-chrome-os-devices/

But I'm pretty sure I recall another similar bug of this type.
Re: OT: looking for help remembering name/info about security bug
Re: On Tue, Jan 11, 2022 at 12:02 PM Jonathan Katz wrote:

>
> Heartbleed?
>

Checked the source code for that just now ... nope, sorry.

I recall the problem being completely different from buffer overflow (e.g., by an unchecked memcpy ()), and more akin to either the programmer misinterpreting what a function did because of a poor name for the function, or using logical instead of boolean (or vice versa) logic.

Of course, I could be wrong there :)

thanks!
Re: OT: looking for help remembering name/info about security bug
I've received a couple of suggestions, thanks, but none seem right.

BTW, I'm sorry (Liam) that I didn't make it clearer that it was absolutely a software bug, which excludes Spectre, Rowhammer, Meltdown.

Aside: the Meltdown and/or Spectre patch to macOS hurt performance ... the elapsed time to compile 500 programs increased by about 12%. (At the time of the patch, I tested (properly) before and after the patch ... then forgot to publish, and since misplaced my notes.)

Although I mentioned 'code', I should have been more specific: C (or, possibly, C++), but definitely no other language.

I don't recall it being a buffer overflow.

I *think* it was some kind of authentication failure (e.g., incorrectly reporting "ok"), but I'm not sure.

I do know I wrote a several page article about it, and how certain coding practices led to it, but I can't *find* the article now :( (not published) My guess of 4-6 years ago is possibly narrower than it should be, but I'm not sure.

My hope is that by being reminded of the vulnerability name, I can search my computer, and backups, for text files containing that name :) (Or the name of function associated with the problem.)

thanks,

Stan
Re: OT: looking for help remembering name/info about security bug
Re:

> The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all
> package manager beautified the source and reduced the effective length
> of any generated keys to 32 bit. But that was more like 15 yrs ago...
>

That sounds like something I should read about, thanks ... but it isn't it.

Stan
Re: OT: looking for help remembering name/info about security bug
No, Heartbleed was a protocol specification error, where if you implemented what the spec said you automatically produced a security bug.

paul

> On Jan 11, 2022, at 3:02 PM, Jonathan Katz via cctalk wrote:
>
> Heartbleed?
>
>
> On Tue, 11 Jan 2022 at 20:00, Hauke Fath via cctalk wrote:
>
>> On Mon, 10 Jan 2022 22:04:33 -0800, Stan Sieler via cctalk wrote:
>>> It may have been that either the routine wasn't getting called when it
>>> should, or that the programmer misinterpreted what the return value
>>> meant.
>>
>> The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all
>> package manager beautified the source and reduced the effective length
>> of any generated keys to 32 bit. But that was more like 15 yrs ago...
>>
>> Cheerio,
>> Hauke
>>
>> --
>> Hauke Fath
>> Linnéweg 7
>> 64342 Seeheim-Jugenheim
>> Germany
>>
> --
> -Jon
> +44 7792 149029
Re: OT: looking for help remembering name/info about security bug
Heartbleed?

On Tue, 11 Jan 2022 at 20:00, Hauke Fath via cctalk wrote:

> On Mon, 10 Jan 2022 22:04:33 -0800, Stan Sieler via cctalk wrote:
> > It may have been that either the routine wasn't getting called when it
> > should, or that the programmer misinterpreted what the return value
> > meant.
>
> The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all
> package manager beautified the source and reduced the effective length
> of any generated keys to 32 bit. But that was more like 15 yrs ago...
>
> Cheerio,
> Hauke
>
> --
> Hauke Fath
> Linnéweg 7
> 64342 Seeheim-Jugenheim
> Germany
>

--
-Jon
+44 7792 149029
Re: OT: looking for help remembering name/info about security bug
On Mon, 10 Jan 2022 22:04:33 -0800, Stan Sieler via cctalk wrote:

> It may have been that either the routine wasn't getting called when it
> should, or that the programmer misinterpreted what the return value meant.

The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all package manager beautified the source and reduced the effective length of any generated keys to 32 bit. But that was more like 15 yrs ago...

Cheerio,
Hauke

--
Hauke Fath
Linnéweg 7
64342 Seeheim-Jugenheim
Germany
Re: OT: looking for help remembering name/info about security bug
On Tue, 11 Jan 2022 at 06:04, Stan Sieler via cctalk wrote:

>
> Hi,
>
> I'm trying to remember the name (and some information about) a past
> security bug, for an article.
>
> Somewhere between 4 and 6 years ago (I think), there was a fairly major
> security bug reported (probably in Linux, or in SSH code, but
> something widely used).
>
> IIRC, the bug was a single line that called a function (possibly along the
> lines of CredentialsCheck), and may have involved a bit-wise or (or and)
> instead of a logical one.
>
> It may have been that either the routine wasn't getting called when it
> should, or that the programmer misinterpreted what the return value meant.
>
> Ring any bells?

Just on the off chance the bell might be named "Apple" (it's a goto fail rather than a bit-wise issue)

https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/

David
Re: OT: looking for help remembering name/info about security bug
You're probably talking about the Java bug from back then. I forget the name of it.

Bill

On Tue, Jan 11, 2022, 6:38 AM Liam Proven via cctalk wrote:

> On Tue, 11 Jan 2022 at 07:04, Stan Sieler via cctalk wrote:
> >
> > Somewhere between 4 and 6 years ago (I think), there was a fairly major
> > security bug reported (probably in Linux, or in SSH code, but
> > something widely used).
>
> Too vague. I think you need to narrow it down.
>
> Heartbleed, Spectre, Rowhammer, Meltdown, Shellshock?
>
> https://github.com/hannob/vulns
>
> --
> Liam Proven ~ Profile: https://about.me/liamproven
> Email: lpro...@cix.co.uk ~ gMail/gTalk/FB: lpro...@gmail.com
> Twitter/LinkedIn: lproven ~ Skype: liamproven
> UK: (+44) 7939-087884 ~ Czech [+ WhatsApp/Telegram/Signal]: (+420)
> 702-829-053
>
Re: OT: looking for help remembering name/info about security bug
On Tue, 11 Jan 2022 at 07:04, Stan Sieler via cctalk wrote:

>
> Somewhere between 4 and 6 years ago (I think), there was a fairly major
> security bug reported (probably in Linux, or in SSH code, but
> something widely used).

Too vague. I think you need to narrow it down.

Heartbleed, Spectre, Rowhammer, Meltdown, Shellshock?

https://github.com/hannob/vulns

--
Liam Proven ~ Profile: https://about.me/liamproven
Email: lpro...@cix.co.uk ~ gMail/gTalk/FB: lpro...@gmail.com
Twitter/LinkedIn: lproven ~ Skype: liamproven
UK: (+44) 7939-087884 ~ Czech [+ WhatsApp/Telegram/Signal]: (+420) 702-829-053
OT: looking for help remembering name/info about security bug
Hi,

I'm trying to remember the name (and some information about) a past security bug, for an article.

Somewhere between 4 and 6 years ago (I think), there was a fairly major security bug reported (probably in Linux, or in SSH code, but something widely used).

IIRC, the bug was a single line that called a function (possibly along the lines of CredentialsCheck), and may have involved a bit-wise or (or and) instead of a logical one.

It may have been that either the routine wasn't getting called when it should, or that the programmer misinterpreted what the return value meant.

Ring any bells?

thanks!

Stan
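
Added illustration (not part of any message in this thread, and not the bug being sought): a constructed C sketch of the two defect classes the original post describes, a misread return value and a bit-wise operator used where a logical one was meant, each beside its corrected form. All function names, the tri-state return convention and the sample credentials are assumptions made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical checker, named after the post's "CredentialsCheck" guess.
 * Tri-state result: 1 = match, 0 = mismatch, -1 = internal error.
 * The credentials are constructed sample values. */
static int credentials_check(const char *user, const char *pass)
{
    if (user == NULL || pass == NULL)
        return -1;                       /* error, not success */
    return strcmp(user, "alice") == 0 && strcmp(pass, "s3cret") == 0;
}

/* Defect 1: the caller reads the result as a boolean, so -1 counts as "ok". */
int login_truthy(const char *user, const char *pass)
{
    return credentials_check(user, pass) ? 1 : 0;
}

/* Corrected: only the documented success value grants access. */
int login_strict(const char *user, const char *pass)
{
    return credentials_check(user, pass) == 1;
}

/* Two status codes where 0 means success and nonzero is an error code.
 * Defect 2: bit-wise AND of the codes; 1 & 2 == 0, so two failures pass,
 * and so does any single failure paired with a 0. */
int both_ok_bitwise(int rc_user, int rc_pass)
{
    return (rc_user & rc_pass) == 0;
}

/* Corrected: each code is tested on its own, joined with logical AND. */
int both_ok_logical(int rc_user, int rc_pass)
{
    return rc_user == 0 && rc_pass == 0;
}

int main(void)
{
    printf("error path:  truthy=%d strict=%d\n",
           login_truthy(NULL, "x"), login_strict(NULL, "x"));
    printf("codes 1, 2:  bitwise=%d logical=%d\n",
           both_ok_bitwise(1, 2), both_ok_logical(1, 2));
    return 0;
}
```

Both defects compile without complaint at default warning levels, so a unit test that drives the error path and the all-failures case is what exposes them.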