lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 08 Sep 2010 15:45:10 -0700
From: Justin Ferguson <jf@...co.net>
To: Fyodor <fyodor@...ecure.org>, full-disclosure@...ts.grok.org.uk
Subject: Re: Nmap NOT VULNERABLE to Windows DLL
	Hijacking	Vulnerability

> and the default windows search > path […]

Correct me if I'm wrong here, but my understanding is that it has nothing to do with the default search path, but rather applications using a search path that differs from the default loadlibrary search path. I could be wrong my attention to this issue thus far has been a few msdn pages and a lot of deleted email as unimportant.

Fyodor <fyodor@...ecure.org> wrote:

>On Sun, Sep 05, 2010 at 07:01:19PM +0530, Nikhil Mittal wrote:
>> 1. Overview
>> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
>
>Nmap is not vulnerable.  DLL hijacking works because of an unfortunate
>interaction between apps which register Windows file extensions and
>the default Windows DLL search path used for those apps.  Nmap does
>not, and never has, registered any Windows file extensions.  So it
>isn't vulnerable to this issue.
>
>> 8. Solution
>> Fixed in latest development release.
>
>We have not made a special new development release, nor are we
>planning one.  We do agree that Windows' default DLL search path
>handling is dumb, so we have added code in our source repository to
>improve that.  It will be included in our next regular release (maybe
>in a month or so), along with other proactive security improvements
>such as enabling Windows ASLR and DEP support.
>
>Cheers,
>Fyodor
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ