lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20090224235542.31F4.0@paddy.troja.mff.cuni.cz>
Date: Wed, 25 Feb 2009 00:19:23 +0100 (CET)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: bugtraq@...urityfocus.com
Subject: Re: HP Quality Center vulnerability

On Mon, 23 Feb 2009 info@...osit.co.uk wrote:

> The front-end of the application is composed of COM components that plug
> into the web browser. [...]
> In order to optimize the interaction speed of the application, a cache
> folder is created on the client machine. [...] Indeed, those files are
> required on the client machine because the workflow is execute on the
> client, not on the server. [...]
> If a user modifies this file and then mark it as read-only, he can
> execute arbitrary code. As the OTA API allows access to the database, he
> can also modify the data stored in the database as follows:

You say you can execute arbitrary code on your computer (under your own 
account)? What an amazing exploit! (pun intended)

Any client-server application depending on the client side not being
messed with by its user is *broken by design*. It does not matter
whether the messing in question is easy (like putting a VB script in the
right directory) or difficult (like attaching a debugger to a running
process and flipping bits in its memory space).

> Please note that HP has released a patch that fixes this issue, please 
> contact HP support for further details.

I wonder what kind of fix has been released. Does anyone think they solved 
the REAL problem?

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ