[9403] in bugtraq

Re: Buffer overflow and OS/390

daemon@ATHENA.MIT.EDU (Marc Heuse)
Mon Feb 8 04:25:21 1999

Date: 	Sat, 6 Feb 1999 16:53:33 +0100
Reply-To: Marc Heuse <marc@SUSE.DE>
From: Marc Heuse <marc@SUSE.DE>
To: BUGTRAQ@NETSPACE.ORG

Hi,

> When I was thinking about the OS/390 and its open TCP/IP services, this
> came to my mind that the conceptual resemblance between MVS and UNIX may
> lead to some successful buffer overflow attack in OS/390.
>
> Now open MVS comes with TCP/IP services that are running as Started Tasks
> which seem to be just like suid demons.  TSO session creates its own
> address space which seems like a memory space for UNIX shell environment.
> If a normal user can create a shell code for the jump to the TSO command
> line of a SPECIAL user, I think that buffer overflow may not be impossible.

well, you can't mess with code space as normal users (if I remember correctly).
buffer overflows are of course possible, but you can't use them to do
stack smashing attacks because the code and data segments are separated.

> Even C compiler is available for the ESA.  Well, if someone finds
> vulnerable programs, this may lead to successful attack on the environment.

well, back in an old job I did a security review of the OpenEdition segment
and found some security vulnerabilities (which should be fixed in the
current release - it was a hard fight until they promised that).
I think there are still my vulnerabilities left still to be found for the
brave searcher ;-)

Greets,
	Marc
--
  Marc Heuse, S.u.S.E. GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: marc@suse.de      Function: Security Support & Auditing
  issue a  "finger marc@suse.de | pgp -fka" for my public pgp key
