lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200601161452.21782.sflist@digitaloffense.net>
Date: Mon, 16 Jan 2006 14:52:21 -0600
From: H D Moore <sflist@...italoffense.net>
To: bugtraq@...urityfocus.com
Cc: news@...uriteam.com
Subject: Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust


Any chance you contacted Wehnus about it? The "hot fix" is just to open 
regedit, browse to this key, and place the path inside double quotes. 
Minor problem, but I am sure Matt would have appreciated an email first.

-HD

On Monday 16 January 2006 14:47, Thierry Zoller wrote:
> Dear  List,
>
> Small blurp I came around; when Wehntrust creates the autostart key
> it forgets to correctly quote the string in the key and thus may
> trigger an autostart of c:\program.bat|exe|com up-on reboot... [2]
>
> Quoting [1] :
> ^^^^^^^^^^^^
> -----------------------------------------------------------------------
>--- c:\program files\sub dir\program.exe,
>
> In this case, the system will successively expand the string when
> interpreting the file path, until a module is encountered to execute.
> The string used in the above example would be interpreted as follows:
>
>    c:\program.exe
>    c:\program files\sub.exe
>    c:\program files\sub dir\program.exe
> -----------------------------------------------------------------------
>------
>
> [1]
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038789
>.html [2] Only a real issue in Windows 2000, WinXP restricted
>     users don't have the right to write to c:\
> [3] http://secdev.zoller.lu
> [4] http://www.wehnus.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ