| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Sep 2010 07:27:53 -0600 From: nikhil_uitrgpv@...oo.co.in To: bugtraq@...urityfocus.com Subject: nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability. 1. Overview nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability. 2. Vulnerability Description nmap passes insufficiently qualified path for the dll "airpcap.dll" while opening a file using nmap Timeline 27-08-2010 - Discovered Vulnerability 31-08-2010 - Disclosed at nmap-dev mailing list 04-09-2010 - Response and fix from developers 05-09-2010 - Disclosure 3. Exploitability A file extension needs to be registered with nmap to exploit the vulnerability and a crafted file needs to be opened from a network share. Currently nmap is not registered with any filename so users are not at risk by default. 4. Versions Affected nmap 5.21 and lower. 5. POC/Exploit Done with Webdav hijack module of Metasploit. 6. Impact Remote Code Execution in context of nmap process. 7. References http://seclists.org/nmap-dev/2010/q3/632 8. Solution Fixed in latest development release.
Powered by blists - more mailing lists