Message-ID: <Pine.LNX.4.21.0611080913570.22551-100000@linuxbox.org>
Date: Wed, 8 Nov 2006 09:14:48 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: Gil Dabah <arkon@...estorm.net>
Cc: full-disclosure@...ts.grok.org.uk, Code-Crunchers@...testar.linuxbox.org
Subject: Re: [Code-Crunchers] windows vulnerability? [was: Re: 137 bytes]
On Wed, 8 Nov 2006, Gil Dabah wrote:
> With all due respect to Alex.
> It's still not the Mother.
> You have to install DAV support for some Windows.
>
> And Windows can read other DLL's from the network, if you set the path to
> point there... of course, it's not the same case,
> but it's also possible.
Unrelated, as to my post, I am explaining my meaning in a follow-up to FD
and here.
Further, thinking about it, this code execution stuff was mentioned by YOU
of all people a while back. I guess I had the same epiphany.
Gadi.
>
> On 11/8/06, Gadi Evron <ge@...uxbox.org> wrote:
> >
> > On Wed, 8 Nov 2006, onisan wrote:
> > > One thing is in this makes it even more interesting, most of the firewalls
> > > do not block this download, so it's smallest and most dangerous downloader
> > > at the same time :o
> >
> > What Alex did is very impressive! Matthew Murphy came up with the idea
> > originally, I think, but it doesn't take from this amazing work in any
> > way.
> > *awe struck*
> >
> > I'd say more though, it's a vulnerability.
> >
> > If you can load a library remotely, and do so with no problems, it's a
> > vulnerability in Windows. I am not sure of what kind quite yet.
> >
> > The mother of all downloaders.
> >
> > "The Zone has a new King!" <we're not worthy x3>
> > -- Jeff, Coupling (BBC, UK).
> >
> > Gadi.
> >
> > > -- G
> > >
> > > 2006/11/8, Solar Eclipse <solareclipse@...eedom.org>:
> > > >
> > > > On Tue, Nov 07, 2006 at 10:56:42AM -0800, Peter Ferrie wrote:
> > > > > Why is the idata size present? AFAIK, no Windows version checks it.
> > > > > Four bytes shorter, then (stop at the idata rva non-zero byte)?
> > > >
> > > > You're right, you can remove the last field and bring the file size down
> > > > to 133 bytes. That's what I get for claiming that the size can't be
> > > > improved :-)
> > > >
> > > > Solar
> > > > _______________________________________________
> > > > Code-Crunchers mailing list
> > > > Code-Crunchers@...testar.linuxbox.org
> > > > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
> >
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/