Message-ID: <200310252120.h9PLKAf270215__2577.64136554233$1067132759@milan.maths.usyd.edu.au>
Date: Sun, 26 Oct 2003 08:20:10 +1100 (EST)
From: psz@...hs.usyd.edu.au (Paul Szabo)
To: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com, mindwarper@...uxmail.org,
psz@...hs.usyd.edu.au, thor@...x.com
Subject: Re: Internet Explorer and Opera local zone restriction bypass
Thor Larholm <thor@...X.COM> wrote:
> ... this is not a problem with Microsoft's Internet Explorer, but ...
> There are two completely new issues at hand here.
> The second issue is that IE ... inadvertently redirects to a local file ...
> Content-Location: file:///c:/somefile.html
> ... circumvents the initial restriction ... on all local protocols,
> such as file:// and res:// ...
How is that not an IE problem? Do all MS apologists self-contradict?
> Being able to store arbitrary content in a known location is vital to
> any of the current range of IE exploits. ...
> A similar issue ... has been found on several occasions where a
> third-party non-Microsoft application allows you to store arbitrary
> content in a known location. ...
> In summary, when Macromedia changes their Flash player to no longer
> store Flash cookies in plaintext in a known location, this will no
> longer be an issue. ... I doubt we will see any malicious use of the
> local file redirection variation you found.
My favourite store-arbitrary-local-file application is Eudora: it
pre-extracts attachments into files in a known location.
Cheers,
Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html