lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <39945.1657584452$1140734144@news.gmane.org>
Date: Fri, 24 Feb 2006 00:37:00 +0300
From: NSA Group <vulnerability@...g.ru>
To: bugtraq@...urityfocus.com
Subject: NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat  v. 3.60.07


Advisory:
NSAG-№198-23.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product: 
The Bat  v. 3.60.07 

Site of manufacturer:
www.ritlabs.com

The status: 
19/11/2005 - Publication is postponed. 
19/11/2005 - Manufacturer is notified. 
12/12/2005 - Answer of the manufacturer. 
22/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/953.html

Risk: 
Critical 

Description: 
Vulnerability exists owing to insufficient check of the size of the buffer of a variable
in which it is copied data from field Subject.

Influence: 
The malefactor is capable to execute an any code  on a computer of the addressee of the letter.

Exploit: 
If a field subject == 4038 bytes at reception of such letter there is an overflow of the buffer and 
Rewriting of registers EIP and EBP, that allows the malefactor to execute 
Any code in a context vulnerable The Bat appendices. 
Exemple: 

Subject:AAAAAAAAAAA.... 4038..... AABB 
A=0x41 (hex) 
B=0x42 (hex) 

Condition of a code, at the moment of overflow: 
New Entery point: 
00420042 FE???; Unknown command // Performance of an any code!!! 

Condition of registers: 
EAX 01CCC4A4 
ECX 00000000 
EDX 0012FA5C 
EBX 02A4EB40 
ESP 0012F9EC 
EBP 00410041 thebat.00410041 
      
       A A 
ESI 00000004 
EDI 02A231F0 
EIP 00420042 thebat.00420042 
      
       B B 

Decision: 
Download new version.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected from a various sort of attacks of malefactors!

www.nsag.ru 
«Nemesis» © 2006
------------------------------------ 
Nemesis Security Audit Group © 2006.





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ