lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 9 Sep 2010 09:51:45 -0400
From: musnt live <musntlive@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Juniper Networks DLL Hijacking Vulnerability

1. Overview
Juniper Pix ASA is vulnerable to Windows DLL Hijacking Vulnerability.
Version 1.3.37, Mitnick Build (latest available on 30th August 2010
was tested) is vulnerable.

2. Vulnerability Description
Juniper Pix ASA is for hybrid firewall and passes insufficiently
qualified path for the dll "mitnick.dll" while opening a file using
command line interface

Timeline
09-09-2010 - Discovered Vulnerability
09-09-2010 - Informed the developers
09-09-2010 - Response from developers "We is don't make this product"
09-09-2010 - Response from MusntLive "This is be hybrid new polish
firewall from Rutkowska"
09-09-2010 - Response from developers "We understand she is a hybrid
but this isn't out product"
09-09-2010 - Response from MusntLive "I must find all DLL's in world
and make billion of advisories for MusntLive Security Pack"
09-09-2010 - Disclosure

Free Rutkowska: The Transgender Equality Network Ireland (TENI) is
seeking financial assistance for Mr. Rutkowska For more information
call 085 108 3935 or contact The Cork Gay Project on 021 4278470.

3. Exploitability
You must is be running Juniper Pix ASA

4. Versions Affected
All

5. POC/Exploit
Done with MusntLive Security Pack

6. Impact
Remote Code Execution on Juniper Pix Asa

7. References
http://tinyurl.com/musntlive

8. Solution
Stop hybridding.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ