lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040709112040.U22449-100000@birmingham-infragard.org>
From: daniel_clemens at autism.birmingham-infragard.org (daniel uriah clemens)
Subject: What about M$ in the shell: race


Josh,

This is no way a shaming email,but hopefully a playful question in hopes
to find out what might be miscommunicated as a reader on multiple security
mailing lists.

>snip from your website>

I think the research over the past couple days proves that M$ just isn't
cutting it these days with their security response to vulnerabilities.
Wasn't it just the other day whn Bill Gates said that they have 1000's of
consultants ready to patch systems and it STILL takes them weeks to patch
a simple hole. I understand that M$ has to deal with the underlying OS but
with that many people shouldn't they turn patches out a little faster?
I mean, come on.. I worked with the Mozilla guys and was REALLY impressed
with the turn-around on the patch. It's wasn't real elaborate to correct
the issue but it was done in a matter of hours.

The shell: issue is all over Full-disclosure and slashdot but I have yet
to see a public response from M$ on the issue.

I hope this helps Mozilla gain some market share because it's where
browsing and security models should move in the future in my opinion-

----------end Rant---------------

M$ IE6 shell: vuln tested on fully patched XP SP1 box in VWmare lab

shell:windows\system32\calc.exe
shell:windows\system32\cmd.exe
shell:windows\system32\winver.exe
shell:windows\system32\accwiz.exe

shell:windows\system32\narrator.exe <- This is my favorite one :) This
will freak someone out when the PC talks to them.

I guess the good side to this is that IS asks the user to open the file /
save is clicked from an anchor but not when using the shell command.
test <- this calls cmd.exe using an anchor tag



I understand the disclosure process but what can you do if they don't
respond. This isn't a canned script kiddie exploit it's research. And that
should be available to anyone that is interested.

--------------

I got 99 problems but Mozilla isn't one :)

>>>>unsnip....

What reasearch did you perform to find this hole or did you simply repeat
what 'liu die yu' posted to full disclosure earlier this week.

http://umbrella.name/originalvuln/mozilla/ShellNethood/mozilla_shellnethood_rc.txt

Just for clarification's sake did you find this vulnerability through
extensive research or did you repost someone elses vulnerability to every
mailing list in the world and then posted that the media picked up on it
also.


If it was research , what methodical approach did you take to
find this vulnerability so we can all share in the fun of bugtracking or
was this research in the stance that you are evaluating the existence of a
current bug already disclosed within your lab.

What it sounds like what you have been saying the past few day is simply -
' this bug exists, I confirmed it exists, and I have repeated the work of
another and this bug is fairly huge', but I can see how others could
misinterpret this to say that you where the original bug-tracker.


>snip>
I understand the disclosure process but what can you do if they don't
respond. This isn't a canned script kiddie exploit it's research. And that
should be available to anyone that is interested.
>>snip>

I am must trying to clarify whether or not you said this was research on
your part to discover the bug, OR to simply test for the bug's existence
from what was posted from Liu Die Yu earlier this week.

> http://www.packetfocus.com/shell_exploit.htm
>
> IE will execute the shell: command locally but prompts the user to open /
> save the file if used with an anchor.
> But what is this was used with another IE exploit that may not have system
> privs but ran shell: locally-
>
> wouldn't that have system privs then or would that run under the browser?
>
> Interesting so far-
>
> Hopefully this will help the effort to promote open source standards to move
> away from M$ web monopoly.
> Until then I will just uses BBS's-- hehehehehehe
>
> Anyone up for a good game of Tradewars ;)

Once again I am merely trying to clarify allot of what you have been
posting the last few days.

Thanks,
-Daniel Uriah Clemens
Esse quam videra
		(to be, rather than to appear)
	             -Moments of Sorrow are Moments of Sobriety
                      { o)2059686335             c)2055676850 }




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ