lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aaf6cdb904092811583de183f4@mail.gmail.com>
Date: Tue, 28 Sep 2004 13:58:24 -0500
From: the rxmr <the.rxmr@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft's GDI Detetection Tool faults


On 27 Sep 2004 17:46:24 -0000, albatross@....it <albatross@....it> wrote:
> In-Reply-To: <B7C2C6BA798F3C4DBDD78BEDC1F8AD5705D7D30D@...mb01.law.sullcrom.com>
> 
> The machine is a Windows XP SP1 completly patched with Office 2000 SP 3 completly patched.
> 
> I don't have any kind of imaging programs installed (Photoshop, Picture It, etc)
> 
> The output from the SANS tool is:
> 
> Scanning...
> 
> C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
> 
>    Version: 5.1.2600.0 <-- Vulnerable version
> 
> C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
> 
>    Version: 5.1.2600.1106 <-- Vulnerable version
> 
> C:\WINDOWS\ServicePackFiles\i386\sxs.dll
> 
>    Version: 5.1.2600.1106 <-- Vulnerable version
> 
> C:\WINDOWS\system32\sxs.dll
> 
>    Version: 5.1.2600.1515
> 
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
> 
>    Version: 5.1.3097.0 <-- Vulnerable version
> 
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
> 
>    Version: 5.1.3101.0 <-- Vulnerable version
> 
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\GdiPlus.dll
> 
>    Version: 5.1.3102.1360
> 
> Scan Complete.
> 
> Does anybody know what the content of the WinSxS directory under the windows installation path is?
> 
> albatross
> 
> 
> 
> 
> >How did you test this (and on what platform), and why do you propose
> 
> >that the SANS tool is delivering more accurate results than the GDI tool
> 
> >delivered by Microsoft?
> 
> >
> 
> >I tested the SANS tool against a properly patched XP system on Friday
> 
> >and found it to false positive on many of the locations it said it
> 
> >wouldn't test on.  Additionally, I found it to alert on MS09.dll, on an
> 
> >XP system.  Our understanding from Microsoft is that MS09.DLL only needs
> 
> >to be updated to be fully compatible with an updated GDIPLUS.DLL in the
> 
> >system directory, it is not directly vulnerable.
> 
> >
> 
> >So, it would be good to know what you found.
> 
> >
> 
> >Best,
> 
> >
> 
> >Gaby
> 
> >
> 
> 

>From an earlier discussion on Bugtraq:

http://lists.sans.org/pipermail/list/2004-September/062106.html

>From the page:

"from what I understand the WinSxS folder is a housing area for
shared .dll's to eliminate dll hell."

Here's a couple more links:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sbscs/setup/assembly_searching_sequence.asp

http://www.google.com/search?as_q=&num=10&hl=en&ie=UTF-8&btnG=Google+Search&as_epq=WinSxS&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=any&as_dt=i&as_sitesearch=&safe=images

-- 
AH-TAH-HA-NE DI BAH-HAS-TKIH HANE-AL-NEH


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ