[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 08 Sep 2010 15:45:10 -0700
From: Justin Ferguson <jf@...co.net>
To: Fyodor <fyodor@...ecure.org>, full-disclosure@...ts.grok.org.uk
Subject: Re: Nmap NOT VULNERABLE to Windows DLL
Hijacking Vulnerability
> and the default windows search > path […]
Correct me if I'm wrong here, but my understanding is that it has nothing to do with the default search path, but rather applications using a search path that differs from the default loadlibrary search path. I could be wrong my attention to this issue thus far has been a few msdn pages and a lot of deleted email as unimportant.
Fyodor <fyodor@...ecure.org> wrote:
>On Sun, Sep 05, 2010 at 07:01:19PM +0530, Nikhil Mittal wrote:
>> 1. Overview
>> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
>
>Nmap is not vulnerable. DLL hijacking works because of an unfortunate
>interaction between apps which register Windows file extensions and
>the default Windows DLL search path used for those apps. Nmap does
>not, and never has, registered any Windows file extensions. So it
>isn't vulnerable to this issue.
>
>> 8. Solution
>> Fixed in latest development release.
>
>We have not made a special new development release, nor are we
>planning one. We do agree that Windows' default DLL search path
>handling is dumb, so we have added code in our source repository to
>improve that. It will be included in our next regular release (maybe
>in a month or so), along with other proactive security improvements
>such as enabling Windows ASLR and DEP support.
>
>Cheers,
>Fyodor
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists