Message-ID: <20031104001907.GA51049@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit
Other than the fact that it (a) tries to load a JAVA applet, (b) requires
a login and password, and (c) doesn't display a .pdf, no problem at all...
G
On or about 2003.11.04 06:15:35 +0000, KF (dotslash@...soft.com) said:
> We are currently evaluating .pdf based advisory release... please let us
> know if you have any issues with the pdf listed below.
>
> Full details on this issue can be found at:
> http://www.secnetops.com/research/advisories/SRT2003-11-02-0218.pdf
>
> -KF
>
>
>
> Secure Network Operations, Inc. http://www.secnetops.com/research
> Strategic Reconnaissance Team research@...netops.com
> Team Lead Contact kf@...netops.com
>
>
> Our Mission:
> ************************************************************************
> Secure Network Operations offers expertise in Networking, Intrusion
> Detection Systems (IDS), Software Security Validation, and
> Corporate/Private Network Security. Our mission is to facilitate a
> secure and reliable Internet and inter-enterprise communications
> infrastructure through the products and services we offer.
>
> To learn more about our company, products and services or to request a
> demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
> call us at: 978-263-3829
>
>
> Quick Summary:
> ************************************************************************
> Advisory Number : SRT2003-11-02-0218
> Product : NIPrint LPD-LPR Print Server
> Version : <= 4.10
> Vendor : http://www.networkinstruments.com/
> Class : Local
> Criticality : High (to NIPrint users)
> Operating System(s) : Win32
>
>
> Notice
> ************************************************************************
> The full technical details of this vulnerability can be found at:
> http://www.secnetops.com under the research section.
>
>
> Basic Explanation
> ************************************************************************
> High Level Description : NIPrint allows local user to become SYSTEM
> What to do : Disable NIPrint until patch is available.
>
>
> Basic Technical Details
> ************************************************************************
> Proof Of Concept Status : SNO has working Poc code.
>
> Low Level Description : The NIPrint Help API runs in a non secure manner.
> This issue is similar to findings by Brett Moore of security-assessment.com.
> Basic details on this type of flaw can be found at securityfocus.com/bid/8884.
> See our research page at http://www.secnetops.biz/research for further details.
>
> Vendor Status : Vendor was contacted via email. No response on
> this issue or any further response on a previously reported issue. We
> recommend that you disable NIPrint until a vendor patch is available.
>
> Bugtraq URL : To be assigned.
> Disclaimer
> ----------------------------------------------------------------------
> This advisory was released by Secure Network Operations,Inc. as a matter
> of notification to help administrators protect their networks against
> the described vulnerability. Exploit source code is no longer released
> in our advisories but can be obtained under contract. Contact our sales
> department at sales@...netops.com for further information on how to
> obtain proof of concept code.
>
>
> ----------------------------------------------------------------------
> Secure Network Operations, Inc. || http://www.secnetops.com
> "Embracing the future of technology, protecting you."
>
>
>
--
Gregory A. Gilliss, CISSP Telephone: 1 650 872 2420
Computer Engineering E-mail: greg@...liss.com
Computer Security ICQ: 123710561
Software Development WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3