Home page logo

bugtraq logo Bugtraq mailing list archives

RE: CommonName Toolbar potentially exposes LAN web addresses
From: "Mustafa Deeb" <mustafa () palnet com>
Date: Thu, 3 Oct 2002 17:09:12 +0200

how can you get rid of Commonname?


-----Original Message-----
From: Eric Stevens [mailto:mightye () mightye org]
Sent: Thu, October 03, 2002 3:10 PM
To: Bugtraq; support () commonname com
Subject: CommonName Toolbar potentially exposes LAN web addresses

Due to a bug in the URL validation done in CommonName Toolbar (in at least
dll version on IE 6), addresses from local intranets may be exposed
to the CommonName organization.  It would appear on early evaluation that
valid URLs such as
are deemed an attempt to locate an organization named "someserver," with
reference to "some path."

The key seems to be the lack of a dot in the server name.

The danger of this is relatively low, only CommonName is exposed to this
information, and other search engines as configured by the user on the
CommonName website, and even then only after a clickthrough on the
CommonName website.  All are reputable organizations, though it does still
represent a breach in data security.

Though danger is low, annoyance factor is high, users are prevented from
accessing their Intranet unless they use a dot-included version of the
server name.

More annoying to me than the bug, and the fact that users here who had it
installed were prevented from actually being able to access our Intranet
servers, however, is that when I turned off all CommonName options, users
were still being directed to the CommonName website on Intranet requests.
Further, in an attempt to allow these users access to our Intranet again, I
closed out of all browsers and uninstalled the CommonName toolbar, restarted
the system, and found that they were still being directed to the CommonName
website on Intranet requests; my best efforts to disable the CommonName
toolbar by supplied mechanisms were futile.

The working solution was to remove all non-administrative access to the
Program Files\CommonName directory, preventing users' IE sessions from being
able to read the DLL's, and finally disabling the CommonNames auto-search

As an asside, that caused me to stumble on an idea to proactively protect
yourself from spyware; intentionally install it, or else find out what paths
are used to install it, then deny yourself access to those paths, and even
the sneakiest spyware will be unable to install itself on your system,
unless it chooses random locations and file names.

Further testing with CommonNames toolbar is left as an exercise to those
with out a database due tomorrow (read: the user).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]