Vulnerabilities Research Group
Meeting Minutes
Wednesday, July 29, 1998
tentative minutes; not yet approved
Present:
Matt Bishop,
Mike Fitzgerald (notetaker),
Todd Heberlein,
Keith Herold,
David O'Brien,
Jeff Rowe,
Omar Vanegas,
Theresa White,
Bema Yeo
Meeting began at 11:10AM
- Previous Business
- Review and approve minutes of previous meeting (Matt; deferred
to next meeting)
 
- Presentation (Jeff)
- Review of Netscape, Microsoft Mail, and Microsoft Outlook email bug (Matt)
The exploit works on attributes assigned to HTML tags.
When the programs load a tag, the attribute length is apparently not checked,
so an attribute that is too long overflows the buffer it is loaded into.
The buffer is allocated on the stack, so the overflow can change the return
address and execute a routine on the stack.
- Keith to get Netscape source and look into the vulnerability.
- How does Netscape deal with regular tags that are too long?
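
Added example (not from the meeting and not code from any of the mail clients): the unchecked attribute copy described above next to a length-checked version that rejects an over-long value. The parser, the function names and the 32-byte ATTR_BUF are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_BUF 32  /* assumed buffer size, chosen for illustration */

/* Unchecked pattern from the minutes: the copy stops only at the closing
 * quote, so a long value runs past dst. Shown for contrast, never called. */
void copy_attr_unchecked(const char *val, char *dst)
{
    while (*val && *val != '"')
        *dst++ = *val++;
    *dst = '\0';
}

/* Checked copy: returns the value length, or -1 if the value is
 * unterminated or does not fit in dstsz bytes including the NUL. */
int copy_attr_checked(const char *val, char *dst, size_t dstsz)
{
    size_t n = 0;
    if (dstsz == 0) return -1;
    dst[0] = '\0';                       /* empty string on any failure */
    while (val[n] != '\0' && val[n] != '"') {
        if (n + 1 >= dstsz) return -1;   /* no room left for the NUL */
        n++;
    }
    if (val[n] != '"')
        return -1;                       /* no closing quote */
    memcpy(dst, val, n);
    dst[n] = '\0';
    return (int)n;
}

/* Simplified lookup of name="value" in a tag (constructed parser, not
 * any mail client's code); the value lands in a stack buffer. */
int attr_length(const char *tag, const char *name)
{
    char key[ATTR_BUF], buf[ATTR_BUF];
    int k = snprintf(key, sizeof key, "%s=\"", name);
    if (k < 0 || (size_t)k >= sizeof key)
        return -1;
    const char *p = strstr(tag, key);
    return p ? copy_attr_checked(p + k, buf, sizeof buf) : -1;
}

int main(void)
{
    printf("%d\n", attr_length("<a href=\"x.html\">", "href"));
    return 0;
}
```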
 
- Vulnerability Database
- 60 vulnerabilities converted so far; Matt going over them,
making them consistent.
- Distribution policy discussed; a draft will be circulated.
 
- Future meetings
- Next Meeting:  Ricardo will present on race condition checking by wrappers.
- Week after: Theresa and Jason will present on making stdio robust.
 
Meeting adjourned at 12:00.
 Send email to
bishop@cs.ucdavis.edu.
Matt Bishop
Department of Computer Science
University of California at Davis
Davis, CA  95616-8562
Page last modified on 8/4/98