Full Disclosure Mailing List

An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.


Latest Posts

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
Could be a virus/trojan from my XP machine might have caused some form
of immunity against this issue?
And perhaps my extensive meddling and customization somehow modify the
Windows 7 install beyond normal limits?
I very much doubt this. I used both bitness demos for what it's worth.

Up till step 2 everything went fine. Step 3 went a little differently
- wab.exe opened, but no popup box opened with it.

Considering Acros highlighted how their...

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 08)
I must say I can't take your word according to my testing.
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
with latest Windows updates applied (as of today - Sept 09 2010). I
used Acros Security's 64 bit demo.

Should I make a movie to prove that, like
1 - Updating Windows (check for updates),
2 - Go to \\www.binaryplanting.com\demo\windows_address_book_64
3 - See the popup box

?

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
jf <jf () ownco net> wrote:

Do not confuse: SearchPath is not the issue.

Yes, there is a warning, which is recent:

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
... we recognize that this guidance may not always have been very
clear. We recently published an MSDN article, "Dynamic-Link Library
Security" that provides specific guidance ...

and...

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Rohit Patnaik (Sep 08)
One problem with your scenario: any person sophisticated enough to know what
nmap is (much less use it) is going to be just a little suspicious about
running nmap on some random "data file" that you send them.

--Rohit Patnaik

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
jf <jf () ownco net> wrote:

And, people loading DLLs they do not need, for OS version detection.
(Maybe others?)

An "exploit scenario" for nmap: send a ZIP (or somesuch) archive to
the victim, containing a data file and a "hidden" DLL, with message:
Hey, these seem infected with conficker, check with nmap
and the victim using "nmap -iL datafile" from current dir.

Cheers, Paul

Paul Szabo psz () maths...

[USN-978-1] Thunderbird vulnerabilities Jamie Strandboge (Sep 08)
===========================================================
Ubuntu Security Notice USN-978-1 September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
===========================================================

A security issue affects the following Ubuntu releases:...

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
Fyodor <fyodor () insecure org> wrote:

The "easy demo" is with clicks, which needs registration of extensions.
The "real thing" is a DLL in the current directory. Unless you always
use "cd path/to/nmap; ./nmap" to start, you are vulnerable: most people
would set their %PATH% to include the right thing for easy nmap.

Cheers, Paul

Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/...

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
That is what others said, yet it installed automatically on mine.
The only interaction was that I allowed it to be downloaded and
installed....not really geeky at all...

I must say you'll have to take my word on it.

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
Christian Sciberras <uuf6429 () gmail com> wrote:

That is not a "patch", not installed by default: is only for
uber-geeks who manually install it. Was issued a week ago, in
response to this kerfuffle, not "quite some time ago".

Which setting of CWDIllegalInDllSearch did you choose: was it
0xFFFFFFFF which may be "safe", but is known to break Outlook
(and others), as noted in

DLL hijacking vulnerabilities...

Re: Tuscl.net SQL injection with 30k Plain Text Passwords & 80k Email list Benji (Sep 08)
This is gay.

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
http://support.microsoft.com/kb/2264107

That is installed both in my win7 64bit workstation system and the
32bit XP Pro (virtualized) system.
For that matter, that POC never worked on my PC, at least their initial
implementation was always flawed.
(speaking of which, did they really have to fail it when my own POC,
written under an hour, worked perfectly?)

If you still think my POC was wrong, please do try it and highlight
what is wrong with it....

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Fyodor (Sep 08)
Nmap is not vulnerable. DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default Windows DLL search path used for those apps. Nmap does
not, and never has, registered any Windows file extensions. So it
isn't vulnerable to this issue.

We have not made a special new development release, nor are we
planning one. We do agree that Windows' default DLL search path
handling is...

Re: Tuscl.net SQL injection with 30k Plain Text Passwords & 80k Email list Ben (Sep 08)
*From:* "www.tuscl.net" <tuscl.founder () gmail com>
*To:* auto595158 () hushmail com, iluv2cane () gmail com, benhuoh () gmail com,
benhu () physics uakron edu
*Date:* Wed, 08 Sep 2010 19:01:24 +0000

Just received this email from the owner of the site:

Ben

How 'bout I send a couple of strippers over to your condo there in Akron so
you can cane them. You're still at 1381 Waters Edge, right?

Then maybe I will blast out an...

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
Christian Sciberras <uuf6429 () gmail com> wrote:

Would you be able to give a reference to that patch, and comment on
its relationship to the recent

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2269637.mspx

?

May I suggest that you tested wrong: I followed

Online Binary Planting Exposure Test...

[USN-975-1] Firefox and Xulrunner vulnerabilities Jamie Strandboge (Sep 08)
===========================================================
Ubuntu Security Notice USN-975-1 September 08, 2010
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities
CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
===========================================================

A...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

