lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <201009090308.o8938axk023955@bari.maths.usyd.edu.au>
Date: Thu, 9 Sep 2010 13:08:36 +1000
From: paul.szabo@...ney.edu.au
To: full-disclosure@...ts.grok.org.uk, jf@...co.net
Subject: Re: Nmap NOT VULNERABLE to Windows DLL Hijacking
	Vulnerability

jf <jf@...co.net> wrote:

> I still don't see how this is really MSFTs fault. I mean ...theres a
> fairly clear warning on MSDN for LoadLibrary & SearchPath ...

Do not confuse: SearchPath is not the issue.

Yes, there is a warning, which is recent:

  http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
    ... we recognize that this guidance may not always have been very
    clear. We recently published an MSDN article, "Dynamic-Link Library
    Security" that provides specific guidance ...

and that says:
  http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
    Consider removing the current directory from the DLL search path by
    calling SetDllDirectory with an empty string (""). 

If the default would have been "no current dir in search path" (but apps
would have needed to specifically add it if they really wanted to), then
there would be no issue.

Shame that some MS apps (Powerpoint maybe?) are affected.

---

jf <jf@...co.net> wrote:
>> An "exploit scenario" for nmap ...
> Yeah, good luck with that.

Rohit Patnaik <quanticle@...il.com> wrote:
> One problem with your scenario: any person sophisticated enough ...

Did I say that my "nmap exploit" was likely to succeed? Most home users
do not have nmap. Any person sophisticated enough, will just delve into
the source and fix it himself.

Cheers, Paul

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ