| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Feb 14 00:46:02 2006
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Advisory: Internet Explorer Drag and Drop Redeux
[CVE-2005-3240] (fwd)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
My apologies to those who are receiving this late or are otherwise
inconvenienced by the staggered release. I had unexpected, last-minute
travel issues that interfered somewhat with today's release.
Of note since the initial drafting of the advisory is that Microsoft has
released a blog post on the MSRC blog about the vulnerability report,
which can be read here:
http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx
The technical/strategic points about the exploit that are raised in the
post are indeed accurate (though it references MS05-014, when I believe
the correct reference is MS05-008/MS05-013). The exploit has a greater
dependence on timing than previous, related attacks. As such,
Microsoft's decision not to include this issue in a standalone patch is
seemingly justified at this point. However, the point of disagreement
with Microsoft remains the choice of release *timeline*.
I released the information about this issue to a trusted colleague (Gadi
Evron) for publication today, after what I felt was a reasonable time,
in light of my difficulties obtaining internet access.
Though there are disagreements between myself and Microsoft about the
nature of this vulnerability, I would like to thank Brian Schafer of the
MSRC for adhering to a high level of professionalism and technical
accuracy in that post and for continuing to work with me once it was
made clear that the issue would imminently become public.
Also of note is that there was a typo in the information I provided
originally to SecuriTeam. The proper candidate is CVE-2005-3240, not
*3840* as was originally reported by me. SecurityFocus has also
informed me that my original BID reservation was a casualty of a data
migration and that the proper BID associated with this vulnerability is
now BID 16352, which is public in full detail as of this writing.
There have also been some incorrect reports made to SecuriTeam that this
issue does not affect Windows XP Service Pack 2. These reports are not
correct -- my testing during this investigation was done exclusively on
current installations of Windows 2000 and Windows XP. These systems had
all service packs applied and all updates installed when tests were
performed.
Thanks to Gadi Evron for doing some of my bidding today and taking some
of the heat for my fat-fingers.
The final advisory, corrected with the now-accurate references is
attached with an armored-format PGP signature inline.
- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38
iD8DBQFD8Shufp4vUrVETTgRA/hpAJ9DobMIa4EH8otBMNlzIPK6RrMGUgCfcrrj
ZI9G00rer59rLkwI5uH0KGQ=
=DQ2a
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: IE-Advisory-Full.txt
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060213/625fc0d2/IE-Advisory-Full-0001.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060213/625fc0d2/smime-0001.bin
Powered by blists - more mailing lists