| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Feb 2009 00:19:23 +0100 (CET) From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> To: bugtraq@...urityfocus.com Subject: Re: HP Quality Center vulnerability On Mon, 23 Feb 2009 info@...osit.co.uk wrote: > The front-end of the application is composed of COM components that plug > into the web browser. [...] > In order to optimize the interaction speed of the application, a cache > folder is created on the client machine. [...] Indeed, those files are > required on the client machine because the workflow is execute on the > client, not on the server. [...] > If a user modifies this file and then mark it as read-only, he can > execute arbitrary code. As the OTA API allows access to the database, he > can also modify the data stored in the database as follows: You say you can execute arbitrary code on your computer (under your own account)? What an amazing exploit! (pun intended) Any client-server application depending on the client side not being messed with by its user is *broken by design*. It does not matter whether the messing in question is easy (like putting a VB script in the right directory) or difficult (like attaching a debugger to a running process and flipping bits in its memory space). > Please note that HP has released a patch that fixes this issue, please > contact HP support for further details. I wonder what kind of fix has been released. Does anyone think they solved the REAL problem? -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21th century edition /
Powered by blists - more mailing lists