| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Sep 2010 12:53:49 +0200 From: Christian Sciberras <uuf6429@...il.com> To: Mitja Kolsek <mitja.kolsek@...ossecurity.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, paul.szabo@...ney.edu.au Subject: Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) * replace my later "possible" with "dll" (to hell with distractions!) Cheers, Chris. On Thu, Sep 9, 2010 at 12:52 PM, Christian Sciberras <uuf6429@...il.com> wrote: >> Bwt, you can simply turn our Internet-based test into an intranet or local test by >> copying the files to your local share or a folder on your computer and double-click >> the .wab file from there. The usual caution with runnning code from unknown sources >> applies, of course. > > I did better, I wrote my own test, which just like your test, it > failed proving the vulnerability. > The only difference was that I knew what was going wrong and tried to > get it to work in all ways possible; > it only seemed to work when the right possible wasn't anywhere near > the running executable (or system directories). > > Unless the whole point of the vulnerability was to exploit non-existent dlls?? > >> Can you please send the Process Monitor log for this case? We'll be happy to look >> into your case. > > Sure, fine by me. > > > Regards, > Chris. > > > > On Thu, Sep 9, 2010 at 12:32 PM, Mitja Kolsek > <mitja.kolsek@...ossecurity.com> wrote: >> Hi Chris, >> >>> Considering Acros highlighted how their POC was highly >>> unstable (they've frequently advised to try the program >>> several times to get it to work) I don't see such abnormal >>> behaviour out of this world. >> >> Indeed, we're seeing problems with accessing (any) remote WebDAV shares from various >> Windows computers, while it works just great on others. Based on network monitoring, >> it doesn't seem to be the problem with the server though, but rather with occasionaly >> unreliable support for WebDAV folders in Windows. We're looking for possible causes >> and especially for workarounds that could improve the reliability. >> >> We'll appreciate your feedback - tell us how it worked or didn't work for you. It's a >> chance for us all to learn something new. >> >> Bwt, you can simply turn our Internet-based test into an intranet or local test by >> copying the files to your local share or a folder on your computer and double-click >> the .wab file from there. The usual caution with runnning code from unknown sources >> applies, of course. >> >>> One last thing, rather than just running a random POC I've >>> actually looked into what's going on, via Process Monitor, >>> and as far as it's concerned, it always loaded the correct >>> (ie, the original) dlls. >> >> Can you please send the Process Monitor log for this case? We'll be happy to look >> into your case. >> >> Cheers, >> >> Mitja Kolsek >> CEO&CTO >> >> ACROS, d.o.o. >> Makedonska ulica 113 >> SI - 2000 Maribor, Slovenia >> tel: +386 2 3000 280 >> fax: +386 2 3000 282 >> web: http://www.acrossecurity.com >> >> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do >> >> >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists