lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050729042254.14702.qmail@web70512.mail.krs.yahoo.com>
Date: Fri Jul 29 05:23:04 2005
From: saintlinu at yahoo.co.kr (Park Gyutae)
Subject: nProtect solutions arbitrary file download and
	execute vulnerability


--------------------------------------------------------------------------------------------------------

Title:             nProtect:Netizen arbitrary file download and execute vulnerability
                   nProtectPersonal Web Service arbitrary file download and execute vulnerability

Discoverer:        PARK, GYU TAE (saintlinu@...l2root.org)
                   Neo

Advisory No.:      NRVA05-04
                   NRVA05-05

Critical:          High critical

Impact:            Gain remote user's privilige

Where:             From remote

Operating System:  Windows Only

Solution:          Patched 

Notice:            07. 01. 2005 initiate notify
                   07. 04. 2005 Second notify
                   07. 26. 2005 Patched
                   07. 29. 2005 Disclosure vulnerability

Description: 

The nProtect:Netizen and nProtectPersonal Web Service are an antivirus solutions.
 
It defends user from Internet about well-known hack tools and viruses something

When it need update and patch itself then download from web site such as update.nprotect.net

that time nProtect update program, npdownv.exe, DO NOT CHECK THAT update site URL!!!

We can change URL, update configuration file and so on

But npdownv.exe DO CHECK files that downloaded from update site compressed WITH PASSWORD!!!

this means npdownv.exe already known password for decompress 

I found password in npdownv.exe by REVERSE ENGINEEGERING 

and Neo modified liveup.haz, configuration file

When user accees the phishing page then downloaded trojan from hacker URL

See following detail describe:

EXPLOIT NOT INCLUDED HERE

Related link:
http://www.nprotect.co.kr/service/nProtectPersonal/nprotect/npos/kor/personal_npos.html

--------------------------------------------------------------------------------------------------------

Special thanks for My best group Null@...t. 
PS. I'm very sorry for poor my konglish 

 

__________________________________________________
? ? ??!?
????? ?????? ??! ??? ?? ?? ??? ??? ????? 
http://mail.yahoo.co.kr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050729/97f6554c/attachment.html

Powered by blists - more mailing lists