Message-ID: <200408041041.i74AfvWU080168@mailserver2.hushmail.com>
From: infohacking at hush.com (Hugo Vazquez Carapez )
Subject: IFH-ADV-31340 Cmd.exe allow local (and sometimes remote) command execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cmd.exe allows local (and sometimes remote) command execution
Infohacking Security Advisory 08.04.04
www.infohacking.com
Aug 04, 2004
I. BACKGROUND
We discovered a very dangerous local code execution vulnerability in all
cmd's. This issue can be exploited using Microsoft Windows (TM) in all
its flavours and probably other Operating Systems.
II. DESCRIPTION
Local exploitation of this vulnerability can be achieved by clicking Start
--> Run and typing:
"cmd.exe" (NT, 2000, 2003, XP) or "command" (W95, W98, WME), then just press
enter.
This option will display the black window that allows you to enter commands
inside; also you can type help... and several options will be displayed.
Note for users with Internet Information Server: You can put the cmd.exe
into the c:\inetpub\wwwroot\scripts and then execute commands remotely:
HTTP://mypc/scripts/cmd.exe?/c+dir
WOW! OH MY GOD!
III. ANALYSIS
A malicious user could execute arbitrary code and take full control over
the box with this high vulnerability. There is no patch... but we strongly
recommend disabling cmd.exe by deleting the file itself or removing
execution perms.
IV. DETECTION
Infohacking has confirmed that all Windows versions up to 3.11 are
vulnerable to this issue.
V. WORKAROUNDS
No work.. indeed.
VI. CVE INFORMATION
This is an 0day bug... so still no bid and CVE.
VII. DISCLOSURE TIMELINE
03/18/04 Hugo notified the bug to abuse@....255.255.255
04/11/04 Initial vendor notification - no response
04/30/04 Secondary vendor notification - no response
05/20/04 We hack iberia.com (Hey look at me! I'm a hax0r and I want a job)
08/04/04 Public Disclosure
VIII. CREDIT
Hugo Vázquez Carapez http://www.infohacking.com/dirhugo.gif
Get pwned by script kiddies?
Call us, we can hack you again.
IX. LEGAL NOTICES
Copyright (c) 2004 INFOHACKING, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of INFOHACKING. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email info@...ohacking.com for permission.
Disclaimer: Infohacking is pretty whitehat and lame. If you are a part
of the blackhat community, please hack and remove us from the net.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkEQvd8ACgkQPMMEGI9aoaetaQCgpPIpKyvxva1McLMOd08poW1YcicA
n05zo4e/bcqRm8vgnarvYPKblnA9
=TlfY
-----END PGP SIGNATURE-----
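
The IIS note in the message above describes a copy of cmd.exe sitting in an executable scripts directory and being requested over HTTP. As an added example that is not part of the original post, this Python script scans a W3C-format IIS log for such requests; the log lines, addresses and the `shell_requests` helper name are constructed for illustration.

```python
"""Flag IIS W3C log entries that request a command interpreter as a script."""
from urllib.parse import unquote

# Interpreters named in the message: cmd.exe (NT family), command.com (9x).
SHELLS = {"cmd.exe", "command.com"}

# Constructed sample log in W3C extended format; all values are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-08-04 10:41:57 192.0.2.10 GET /default.htm - 200
2004-08-04 10:42:03 192.0.2.77 GET /scripts/cmd.exe /c+dir 200
2004-08-04 10:42:09 192.0.2.77 GET /scripts/CMD%2Eexe /c+dir 403
2004-08-04 10:43:11 192.0.2.10 GET /docs/cmd.exe.html - 200
2004-08-04 10:44:20 192.0.2.91 GET /scripts/command.com /c+ver 404
"""


def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def shell_requests(text):
    """Return (client, stem, query, status, served) for interpreter requests."""
    hits = []
    for rec in parse_w3c(text):
        # Decode %xx (in case the stem was logged undecoded), then normalise
        # case and slashes before comparing the final path component.
        stem = unquote(rec.get("cs-uri-stem", "")).replace("\\", "/").lower()
        if stem.rsplit("/", 1)[-1] in SHELLS:
            status = rec.get("sc-status", "")
            # served=True means the server answered 2xx, i.e. the file ran.
            hits.append((rec.get("c-ip", "-"), stem,
                         rec.get("cs-uri-query", "-"), status,
                         status.startswith("2")))
    return hits


if __name__ == "__main__":
    for hit in shell_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true is the case to act on first: it means an interpreter is present in a directory with execute permission, which is the condition the message's "removing execution perms" advice addresses.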