Message-ID: <20031125100621.24588.qmail@sf-www2-symnsj.securityfocus.com>
Date: 25 Nov 2003 10:06:21 -0000
From: Liu Die Yu <liudieyuinchina@...oo.com.cn>
To: bugtraq@...urityfocus.com
Subject: Note for "Invalid ContentType may disclose cache directory"




Note for "Invalid ContentType may disclose cache directory"

This vulnerability ("Invalid ContentType may disclose cache directory") doesn't work on all systems.
("Invalid ContentType may disclose cache directory", at http://www.safecenter.net/UMBRELLAWEBV4/threadid10008/)
Please note that execdror6 and LocalZoneInCache also depend on this vulnerability.
(execdror6: http://www.safecenter.net/UMBRELLAWEBV4/execdror6/
LocalZoneInCache: http://www.safecenter.net/UMBRELLAWEBV4/LocalZoneInCache/)
I have spent extraordinary time on this issue and here is all I know about it:

First, the code was verified to work on a WinXp system (Simplified Chinese version) with all patches.
Then, I sent LocalZoneInCache to HTTP-EQUIV, Dror Shalev and the Pull for testing:
It works on Dror Shalev's WinXp machine (up-to-date) but it doesn't work on the Pull's Win2k system
(because he set the killbit for the Adodb.Stream ActiveX object).
Soon after that, HTTP-EQUIV found it does not work on his WinXp system (2-3 weeks old, with the latest IE patch).
Then, to figure out what happened, I formatted the disk and installed Win2k3 and WinXp (both Simplified Chinese version) and then applied the latest IE patch.
Both remote compromise cases (LocalZoneInCache and execdror6) don't work any more.
At last, I reproduced both remote compromise cases on MSIEv6 running on Simplified Chinese WinXp with the following patches:
SP1; Q828750; Q330994; Q824145 (a.k.a. MS03-048)

If you are using IE, please help me test it and send the result directly to my email box.
Thanks in advance.






