[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20090224235542.31F4.0@paddy.troja.mff.cuni.cz>
Date: Wed, 25 Feb 2009 00:19:23 +0100 (CET)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: bugtraq@...urityfocus.com
Subject: Re: HP Quality Center vulnerability
On Mon, 23 Feb 2009 info@...osit.co.uk wrote:
> The front-end of the application is composed of COM components that plug
> into the web browser. [...]
> In order to optimize the interaction speed of the application, a cache
> folder is created on the client machine. [...] Indeed, those files are
> required on the client machine because the workflow is execute on the
> client, not on the server. [...]
> If a user modifies this file and then mark it as read-only, he can
> execute arbitrary code. As the OTA API allows access to the database, he
> can also modify the data stored in the database as follows:
You say you can execute arbitrary code on your computer (under your own
account)? What an amazing exploit! (pun intended)
Any client-server application depending on the client side not being
messed with by its user is *broken by design*. It does not matter
whether the messing in question is easy (like putting a VB script in the
right directory) or difficult (like attaching a debugger to a running
process and flipping bits in its memory space).
> Please note that HP has released a patch that fixes this issue, please
> contact HP support for further details.
I wonder what kind of fix has been released. Does anyone think they solved
the REAL problem?
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /
Powered by blists - more mailing lists