Date: Wed, 10 Jul 2013 13:27:40 +0430
From: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: VLC media player MKV Parsing POC

1. The crash you showed does not control EIP
(it's not a stack-based BOF).
2. Not even arbitrary memory
(check the further instructions).

On Wed, Jul 10, 2013 at 3:03 AM, kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com> wrote:

> Hello list,
> Regarding the nonsense VLC post
>
> http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia?pub=0#pr
>
> 1. we said that this was a crash, not an exploitable security issue
>
> and the funny comment on the publication:
>
> You forgot to mention the most important thing: if Secunia Research is
> professional, why don't they provide you with a working exploit (for example
> EIP = 0x41414141)? I'm sure a company like VUPEN would do just that to prove
> their point. Isn't it worth pointing out on other sites (e.g. netsec)?
> I really like this https://twitter.com/Secunia/status/337140449712156672
> You can spot _two_ lies: first, they didn't find ANY vuln; second, they're
> lying about the timeframe.
>
>
> Here is your VUPEN  0x41414141
>
>
> ModLoad: 64fb0000 650d8000   C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
>
> (be8.f0c): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
> eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0         nv up ei ng nz na po cy
> cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010283
> ntdll!RtlImageNtHeader+0xe37:
> 77163fbb 8b11            mov     edx,dword ptr [ecx]  ds:002b:41414141=????????
>
> 0:010> g
>
> (be8.f0c): Access violation - code c0000005 (!!! second chance !!!)
> eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
> eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0         nv up ei ng nz na po cy
> cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010283
> ntdll!RtlImageNtHeader+0xe37:
> 77163fbb 8b11            mov     edx,dword ptr [ecx]  ds:002b:41414141=????????
>
> 0:010> r ecx
>
> ecx=41414141
>
> 0:010> d ecx
> 41414141  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 41414151  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 41414161  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 41414171  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 41414181  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 41414191  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 414141a1  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
> 414141b1  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
>
> POC included
>
> Stay Secure
>
> Regards
> Kaveh
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
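The point made in the reply above (a fault on `mov edx,dword ptr [ecx]` with `ecx=41414141` is a read through an input-controlled pointer, not control of EIP, and says nothing by itself about arbitrary memory access) is the first question a crash triager asks of any WinDbg dump. The following Python script is an added example, not code from this thread or from the VLC/VideoLAN project: it parses an access-violation excerpt in the layout WinDbg prints (the sample is constructed from the register and instruction values quoted in the post), works out which register the faulting instruction dereferences, whether that register or EIP holds a fill pattern copied from the input, and whether the access is a read or a write. The regex layouts, the "four identical non-zero bytes" heuristic for input-controlled values, and the verdict wording are assumptions of this example.

```python
import re

# Constructed sample in the layout WinDbg prints for an access violation;
# the register and instruction values are the ones quoted in the thread.
SAMPLE_DUMP = """\
(be8.f0c): Access violation - code c0000005 (first chance)
eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0         nv up ei ng nz na po cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010283
ntdll!RtlImageNtHeader+0xe37:
77163fbb 8b11            mov     edx,dword ptr [ecx]  ds:002b:41414141=????????
"""

REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})")
CODE_RE = re.compile(r"code ([0-9a-f]{8}) \((?:!!! )?(first|second) chance")
# address, opcode bytes, mnemonic, operands; the trailing "ds:..." annotation is optional
INSN_RE = re.compile(r"^[0-9a-f]{8}\s+[0-9a-f]+\s+([a-z]\w*)\s+(.*?)(?:\s+ds:.*)?$", re.M)
MEM_RE = re.compile(r"\[([a-z]{3})")
READ_ONLY_DEST = {"cmp", "test"}   # memory in operand 0 is only read by these


def parse_registers(dump):
    """Return {register: value} for the 32-bit registers WinDbg prints."""
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}


def parse_instruction(dump):
    """Return (mnemonic, [operands]) of the faulting instruction, or None."""
    m = INSN_RE.search(dump)
    if not m:
        return None
    operands = [o.strip() for o in m.group(2).split(",") if o.strip()]
    return m.group(1), operands


def is_fill_pattern(value):
    """Heuristic (assumption of this example): four identical non-zero bytes,
    e.g. 0x41414141, usually means the register holds bytes from the input."""
    return value != 0 and len(set(value.to_bytes(4, "little"))) == 1


def verdict(r):
    """Plain-language summary of what the dump does and does not demonstrate."""
    if r["eip_controlled"]:
        return "instruction pointer holds input bytes: control of execution is shown"
    if r["access"] == "read" and r["pointer_controlled"]:
        return ("read through an input-controlled pointer: a crash, not control of EIP; "
                "follow the loaded value to see whether it is later used as a pointer or call target")
    if r["access"] == "write" and r["pointer_controlled"]:
        return "write through an input-controlled pointer: memory corruption, investigate further"
    return "fault with no input-controlled register visible: needs more context"


def triage(dump):
    regs = parse_registers(dump)
    insn = parse_instruction(dump)
    code = CODE_RE.search(dump)
    if insn is None or "eip" not in regs:
        raise ValueError("dump does not contain a faulting instruction with registers")
    mnemonic, operands = insn
    result = {
        "exception_code": code.group(1) if code else None,
        "chance": code.group(2) if code else None,
        "eip": regs["eip"],
        "eip_controlled": is_fill_pattern(regs["eip"]),
        "access": None,
        "pointer_register": None,
        "pointer_controlled": False,
    }
    mem_idx = next((i for i, op in enumerate(operands) if "[" in op), None)
    if mem_idx is not None and mnemonic != "lea":      # lea computes, never dereferences
        # Intel syntax puts the destination first: a memory operand in position 0
        # is written (except for cmp/test), anywhere else it is read.
        result["access"] = "write" if mem_idx == 0 and mnemonic not in READ_ONLY_DEST else "read"
        ptr = MEM_RE.search(operands[mem_idx])
        if ptr:
            result["pointer_register"] = ptr.group(1)
            result["pointer_controlled"] = is_fill_pattern(regs.get(ptr.group(1), 0))
    result["verdict"] = verdict(result)
    return result


if __name__ == "__main__":
    for key, val in triage(SAMPLE_DUMP).items():
        print(f"{key:18} {val:#010x}" if key == "eip" else f"{key:18} {val}")
```

Run on the sample, the script reports a first-chance read through `ecx`, flags `ecx` as input-controlled and EIP as not, and gives the same verdict the reply gives: a crash that needs further investigation of where the loaded value goes, not a demonstrated control of execution. The second-chance block from the post parses the same way.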