| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jun 2004 20:36:43 +0200 From: "Sam" <Sam@...all.nl> To: "RSnake" <rsnake@...cking.com>, "Chris Withers" <chris@...plistix.co.uk> Cc: "Gadi Evron" <ge@...tistical.reprehensible.net>, "Harlan Carvey" <keydet89@...oo.com>, <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com> Subject: Re: Re: USB risks (continued) Hi, I tested it but it will only work when the user has admin rights. With a normal user it will not work because it cannot change properties of users or make a new user. Sam ----- Original Message ----- From: "RSnake" <rsnake@...cking.com> To: "Chris Withers" <chris@...plistix.co.uk> Cc: "Gadi Evron" <ge@...tistical.reprehensible.net>; "Harlan Carvey" <keydet89@...oo.com>; <full-disclosure@...ts.netsys.com>; <bugtraq@...urityfocus.com> Sent: Monday, June 28, 2004 6:03 PM Subject: Re: [Full-Disclosure] Re: USB risks (continued) > > Of course it's not. That's just Microsoft's explination. There's no > good reason, just a vague distinction. My only point is that it isn't a > reliable attack vector, unlike an onboard CDROMs (the media, not the device > must be removable). Here is how Microsoft defines it on their usbfaq page > (sorry, the links are broken, I just cut and pasted from > http://www.microsoft.com/whdc/device/storage/usbfaq.mspx): > > Q: What must I do to trigger Autorun on my USB storage device? > If you need to make a USB storage device that executes Autorun, the following > two conditions must both be true: > > . Media must be marked as removable. > > . The device can be set to either static or removable. > > We associate the "removable" nature of a device with the bus that it resides > on. This means that a disk on an Integrated Device Electronics (IDE) or SCSI > bus would be considered fixed, whereas a disk on a USB or IEEE 1394 bus would > be regarded as removable by default. PnP uses a bit in the DEVICE_CAPABILITIES > structure to determine this. For more information, see the DEVICE_CAPABILITIES > Plug and Play Structure in the Windows DDK, located at > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmarch/hh/kmarch/k112_22r6.asp. > > The "removable" nature of media is a property of the device. For example, in > the case of a CD-ROM or a ZIP drive, the medium can be removed without the > device itself going away, but on the other hand the medium and the disk cannot > be separated on static storage PC cards. We obtain this information by using > the StorageDeviceProperty request. For more information, see the > STORAGE_DEVICE_DESCRIPTOR Storage Structure in the Windows DDK, located at > http://msdn.microsoft.com/library/en-us/storage/hh/storage/k306_00qa.asp. > > > On Mon, 28 Jun 2004, Chris Withers wrote: > > | Date: Mon, 28 Jun 2004 11:59:11 +0100 > | From: Chris Withers <chris@...plistix.co.uk> > | To: RSnake <rsnake@...cking.com> > | Cc: Gadi Evron <ge@...tistical.reprehensible.net>, > | Harlan Carvey <keydet89@...oo.com>, full-disclosure@...ts.netsys.com, > | bugtraq@...urityfocus.com > | Subject: [Full-Disclosure] Re: USB risks (continued) > | > | RSnake wrote: > | > writeable, but the drives aren't removeable on CDs. That of course isn't true > | > if you have a USB drive, but I think part of the deal there is that you need to > | > install special drivers to even read USB CD drives. > | > | ...that's not true ;-) > | > | Chris > | > | -- > | Simplistix - Content Management, Zope & Python Consulting > | - http://www.simplistix.co.uk > | > | _______________________________________________ > | Full-Disclosure - We believe in it. > | Charter: http://lists.netsys.com/full-disclosure-charter.html > | > > -R > > The information in this email is confidential and may be legally > privileged. It is intended solely for the addressee. Access to > this email by anyone else is unauthorized. If you are not the > intended recipient, any disclosure, copying, distribution or any > action taken or omitted to be taken in reliance on it is > expressly prohibited and may be unlawful. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists