Back in 2005 I gave this presentation at Black Hat Japan:
http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-brezinski.pdf
This year a number of security researchers have done work on the topic and are making the rounds with their presentations.
Just a few days ago there was a big to do about security vulnerabilities in ruby. The primary vulnerabilities were integer overflows affecting memory allocations in Array and String. However, it was pointed out to ruby-core in early 2006 that integer overflow issues existed in Array and that the memory allocation macros used through out the interpreter code were subject to integer overflows:
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/7818
Great to see the communities getting ahead of the curve :/
Tuesday, June 24, 2008
Subscribe to:
Posts (Atom)
