Date: Wed, 30 Apr 2014 19:32:36 -0400
From: Mike Cramer <mike.cramer@...look.com>
To: "'Brandon Perry'" <bperry.volatile@...il.com>
Cc: fulldisclosure@...lists.org, 'Stefan Kanthak' <stefan.kanthak@...go.de>,
	'Alton Blom' <altonius@...il.com>
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
	C:\Program.exe when opening associated files

Not necessarily; I’m just restating what is mentioned on the mitre post, which I feel can be a bit misleading.

There are lots of “what if” scenarios involved in exploitation of this vulnerability. And while I agree with you, the ultimate fix to all of these problems is to execute only signed executables and libraries and only when the system has Secure Boot enabled with a TPM.

Obviously extending this solution down to the library and executable level is far from ideal on general purpose computing.

So where do you draw the line?

I draw the line at “not likely to happen”, “in the most widespread cases already requires elevated privilege to use”, and also importantly, “incredibly easy to find by forensics groups assuming no other persistent hooks of the underlying kernel.”

-Mike

From: Brandon Perry [mailto:bperry.volatile@...il.com] 
Sent: Wednesday, April 30, 2014 19:28
To: Mike Cramer
Cc: Alton Blom; fulldisclosure@...lists.org; Stefan Kanthak
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files

The practice of creating persistent services from temp directories is
"generally avoided". I see what you're saying, but the use case which you
mentioned is an extremely long shot scenario. While possible, it's not
likely going to happen.

So your definition of vulnerability relies on likelihood. Gotcha.

Don't confuse risk with being vulnerable.

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website 


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
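The mechanism behind the subject line is the documented CreateProcess search order for an unquoted program path containing spaces: `C:\Program Files\...\app.exe arg` is probed first as `C:\Program.exe`. The check below is an added example written for this archive page; it is not code from the thread, from Apple, or from any of the participants. The sample command line, the two constructed file lists, and the function names (`candidate_paths`, `shadow_paths`, `resolve`, `rogue_files`, `in_set`) are assumptions made for illustration. It enumerates the paths Windows would try for a given command line and reports which of the pre-empting locations actually hold a file, which is the "incredibly easy to find by forensics" artefact Mike refers to.

```python
import ntpath
import os
from typing import Callable, Iterable, List, Optional


def _append_exe_if_needed(path: str) -> str:
    """CreateProcess appends '.exe' when the final path component has no extension."""
    tail = ntpath.split(path)[1]
    return path if "." in tail else path + ".exe"


def _raw_prefixes(cmd: str) -> List[str]:
    """Every prefix ending just before a space, then the whole string."""
    return [cmd[:i] for i, ch in enumerate(cmd) if ch == " "] + [cmd]


def candidate_paths(command_line: str) -> List[str]:
    """The paths Windows probes, in order, when launching an unquoted command line.

    Documented CreateProcess behaviour: because the program name is not
    delimited, each space is treated as a possible end of it, so
    'C:\\Program Files\\X\\app.exe arg' is tried as 'C:\\Program.exe', then
    'C:\\Program Files\\X\\app.exe', then the whole string.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):                  # quoted program path: no ambiguity
        end = cmd.find('"', 1)
        inner = cmd[1:] if end < 0 else cmd[1:end]
        return [_append_exe_if_needed(inner)]
    return [_append_exe_if_needed(p) for p in _raw_prefixes(cmd)]


def shadow_paths(command_line: str) -> List[str]:
    """Candidates probed before the first prefix that is already a complete
    '.exe' path as written. A file at any of these pre-empts the intended
    program; an empty list means the command line cannot be shadowed."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []
    out: List[str] = []
    for p in _raw_prefixes(cmd):
        if p.lower().endswith(".exe"):
            break
        out.append(_append_exe_if_needed(p))
    return out


def resolve(command_line: str,
            exists: Callable[[str], bool] = os.path.exists) -> Optional[str]:
    """What CreateProcess would actually launch: the first candidate that exists."""
    for cand in candidate_paths(command_line):
        if exists(cand):
            return cand
    return None


def rogue_files(command_line: str,
                exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """The forensic check: shadow paths that are actually occupied on this system."""
    return [p for p in shadow_paths(command_line) if exists(p)]


def in_set(paths: Iterable[str]) -> Callable[[str], bool]:
    """Case-insensitive stand-in for os.path.exists over a constructed file list,
    so the audit can be exercised offline on any platform."""
    known = {p.lower() for p in paths}
    return lambda p: p.lower() in known


# Constructed sample (an assumption, not taken from the thread): the shape of a
# file-association command with an unquoted path under C:\Program Files.
ITUNES_CMD = r'C:\Program Files\Apple\iTunes\iTunes.exe "%1"'
CLEAN_SYSTEM = [r"C:\Program Files\Apple\iTunes\iTunes.exe"]
TAMPERED_SYSTEM = CLEAN_SYSTEM + [r"C:\Program.exe"]   # rogue file present at C:\

if __name__ == "__main__":
    for label, files in (("clean", CLEAN_SYSTEM), ("tampered", TAMPERED_SYSTEM)):
        chk = in_set(files)
        print(f"{label:9s} launches {resolve(ITUNES_CMD, chk)!r}; "
              f"rogue files: {rogue_files(ITUNES_CMD, chk)}")
    # On a real Windows host, omit the second argument so os.path.exists is used:
    #   rogue_files(ITUNES_CMD)
```

Run on a real host, `rogue_files(cmd)` with the registered command line for a file type returns an empty list on a clean system; anything else is a file sitting at a location the intended program never needs, which is the artefact an investigator would look for. On the application side, `shadow_paths()` returning an empty list for a quoted command line shows why quoting the program path closes the issue entirely.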
