Locating security vulnerabilities

D L drllists at hotmail.com
Tue Apr 3 04:57:31 UTC 2001


Hi all,

I'm a grad student working on statically detecting buffer overflow
vulnerabilities.  I am planning on using bind 8 as a case study to
determine the effectiveness of a tool I'm developing.

I was wondering if anyone can give me any suggestions on where to find
detailed information (i.e. the lines of code causing the vulnerability) for
known buffer overflow vulnerabilities in old versions of bind 8.

The security advisories I've seen contain brief descriptions of bind
security problems but not enough information to easily find the
vulnerability in the code.

I also tried running diff on two versions of bind but incremental versions
seem to contain many changes in addition to the security fix.

Can anyone give me some pointers to more in-depth information or suggest
things I could do to locate these vulnerabilities within the code?

Thanks in advance,

David

Send email to drl7x at cs.virginia.edu

