lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 1 Aug 2006 17:15:54 -0700
From: EvilPacket <evilpacket@...il.com>
To: bugtraq@...urityfocus.com
Subject: Simpliciti Locked Browser Jail Breakout Vulnerability

Simpliciti Locked Browser Jail Breakout Vulnerability
ESRL

Discovery Date: March 20, 2006
Discovery By: Adam Baldwin (adam_baldwin@...lpacket.net)

Versions Effected: All versions

Background:
Simpliciti Locked Browser is a product that provides "no-programming
required PC lockdown..." functionality for common-access PCs or
kiosks. "You can quickly create a limited or restricted Internet usage
environment for users in places such as retail kiosks, libraries,
self-serve banks, hospitals, and clinics, as well as in universities
and schools."

Overview:
The Simpliciti Locked Browser interface jail can be broken out of
using simple JavaScript. This vulnerability requires access to a
website that is vulnerable to a cross-site scripting (XSS) attack or
access to a website that you control.

Proof of Concept:
The following POC code demonstrates how to force the Locked Browser
product into a continuous out of focus state that allows the user to
"break out" of the interface jail. While it may initially appear that
the user does not have extra control over the PC, the hotkey
combination of ctrl+shift+esc will eventually bring up the Windows
task manager.

	<script>while(true){window.blur();}</script>

Mitigating strategy:
As with any application, run it with minimal privileges. Strictly
control the sites that the kiosk has access to. The vendor has
confirmed that this vulnerability will be addressed in the next
release of the product.

Vendor Website: http://www.simpliciti.biz

Vendor Communications:
03.20.2006 - Initial vendor notification (info [at] simpliciti.biz)
03.21.2006 - Vendor responded, requesting more information
03.21.2006 - Proof of concept provided to vendor
05.19.2006 - Vendor confirms fix in next release

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ