| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Sep 2010 23:34:55 +0530 (IST)
From: Nikhil Mittal <nikhil_uitrgpv@...oo.co.in>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Nmap NOT VULNERABLE to Windows DLL Hijacking
Vulnerability
>>Nmap is not vulnerable. DLL hijacking works because of an unfortunate
>>interaction between apps which register Windows file extensions and
>>the default Windows DLL search path used for those apps. Nmap does
>>not, and never has, registered any Windows file extensions. So it
>>isn't vulnerable to this issue.
Fyodor,
Nmap do load airpcap.dll from insufficiently qualified path. If you don't want it to call it a vulnerability, then it's your choice. But if you look at the issue its between apps and Windows DLL search path not only for the apps which register Windows file extensions.
Apps which register Windows file extensions are Exploitable by default while nmap is not.
So, according to me nmap is vulnerable but not exploitable by default. Please, try to figure out the difference b/w exploitability and vulnerability.
All,
You can and you should use nmap without any fear of getting exploited until you are stupid enough to open a file from a shared location using nmap. nmap _is_ safe to use.
Nikhil Mittal
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists