lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <SNT107-DS25D95A55BE8B87EACAE8EC7B80@phx.gbl> Date: Fri, 13 Feb 2009 11:24:23 +0530 From: "Sandeep Cheema" <51l3n7@...e.in> To: "Jon Kloske" <jon@...edu.au> Cc: <bugtraq@...urityfocus.com> Subject: Re: SEP(Symantec) Bug Hey Jon, I am sorry about the space after the "~", That was a typo. Its been tested it on all the versions prior to MR4MP1 since the RTM(11.0.776) But what's interesting is that the process isn't crashing. But a possible arbitrary execution of code. I will do some more research into it to come up with an exploit with it. Thank you. Regards, Sandeep .-------------------------------------------------- From: "Jon Kloske" <jon@...edu.au> Sent: Friday, February 13, 2009 9:11 AM To: "Sandeep Cheema" <51l3n7@...e.in> Cc: <bugtraq@...urityfocus.com> Subject: RE: SEP(Symantec) Bug > Hi Sandeep, > > Are you saying this is supposed to affect 11.0.4000.x? If so, what > sub-sub-minor versions did you test it on? > > I just tested this on 11.0.4000.2295 (on a managed client) and all it > did was crash the smc.exe process started by the command you supplied, > not smcgui.exe process. I tested as an administrator and an unprivileged > user and got the same results - smc.exe crashes, but not the smcgui.exe > process. > > It would be interesting if you could provide more information, since if > this is actually doing what you say it's doing it would be a horrifying > attack vector for worms and viruses. > > As an aside, I noticed that if I run "smc.exe -p" it crashes too, with > or without the tilde ("~") on the end. If I run "smc -p" (omit the .exe) > it doesn't crash, but "smc -p ~" crashes. (qualifying note: in all these > cases this is just the smc.exe process that was started by the command > that crashed, not the smcgui.exe process.) And yes, I tried adding the > space after the tilde as you originally quoted in the email :) > > Regards, > Jon. > > ps: A list of smc.exe command line parameters is available here: > http://service1.symantec.com/SUPPORT/ent-security.nsf/904c88a5602c2de388 > 2573410063493c/d02aafed7241b975802573aa0037fb30?OpenDocument > > -- > _________________ > Jon Kloske [ITIG] > Systems Programming Manager > jon@...edu.au :: x54193 :: 78-516B > Faculty of EAIT, UQ :: CRICOS No. 00025B > > >> -----Original Message----- >> From: Sandeep Cheema [mailto:51l3n7@...e.in] >> Sent: Friday, 13 February 2009 12:16 AM >> To: bugtraq@...urityfocus.com >> Subject: SEP(Symantec) Bug >> >> Hi, >> >> There is a bug with the "Symantec Endpoint Protection"( Tested on all >> versions till 11.0.4000) >> >> When you execute the following command "smc.exe -p ~ " the smcgui.exe >> crashes. You don't need admin privilege for this. >> >> Regards, Sandeep >> 51l3n7[at]live.in >> >> >> >> > >
Powered by blists - more mailing lists