Vulnerabilities Research Group

Meeting Minutes
Wednesday, July 29, 1998

tentative minutes; not yet approved

Present: Matt Bishop, Mike Fitzgrerald (notetaker), Todd Heberlein, Keith Herold, David O'Brien, Jeff Rowe, Omar Vanegas, Theresa White, Bema Yeo

Meeting began at 11:10AM
  1. Previous Business
    1. Review and approve minutes of previous meeting (Matt; deferred to next meeting)
  2. Presentation (Jeff)
  3. Review of Netscape, Microsoft Mail, and Microsoft Outlook email bug (Matt)
    The exploit works on attributes assigned to HTML tags. When programs load tags, apparently attribute length is not checked. So if you load the attribute, and it is too long, it overwrites the buffer. The buffer is allocated on the stack, so you can change the return address and execute a routine on the stack.
    1. Keith to get Netscape source and look into the vulnerability.
    2. How does Netscape deal with regular tags that are too long?
  4. Vulnerability Database
    1. 60 vulnerabilities converted so far; Matt going over them, making them consistent.
    2. Distribution policy discussed; a draft will be circulated.
  5. Future meetings
    1. Next Meeting: Ricardo will present on race condition checking by wrappers.
    2. Week after: Theresa and Jason will present on making stdio robust.
Meeting adjourned at 12:00.
Send email to
Matt Bishop
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 8/4/98