A Metasploit module for Locale::Maketext format string attack
The meeting began with some general discussion. Given the topic of the night, the discussion tended to focus on security issues. After swapping stories of computer issues and TSA security news, JD opened the actual presentation.
He began with some information about classical format string vulnerabilities
as seen in the C
printf function. He pointed out that Perl's
printf doesn't have all of the problems of the C implementation,
but it is still not perfect.
Then, he moved on to describing the problems with the format string in used in
Locale::Maketext. He shows how the format string can be used to
execute any method on the locale object, that may be a subclass of
Locale::Maketext. With a small amount of effort this can turn
into a straight-forward remote-code exploit.
He goes on to show how Moveable Type's combination of
Locale::Maketext in two
separate passes makes for a quick exploit.
After the main presentation, the discussion wandered over a number of programming topics, including observations and commentary on problems that some were having with code.
We had 7 people attending this month. As always, we'd like to thank Hostgator, LLC for providing the meeting space and food for the group.