Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: pacsec hype security advisory: seven words ofwarning about Flash player nine.
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Wed, 11 Oct 2006 14:52:12 +0100

Dragos Ruiu wrote:

"The new Flash player adds network functions!"

  Hey, I can do it in three words!

  Flash.  Must.  Die.

and thus there are many ways to bypass the only-connect-back-upstream
and port < 1024 limitations on the SWF applet Socket() class. A

  Limiting ports to less than 1024 hasn't been any kind of security measure 
since.. I dunno, forever really.  Since there were more than two machines 
connected to the internet.  How can anyone in the 21st century think that 
this is meaningful?

The potential for network misuse possible in Flash just went up
several orders of magnitude, and as the Adobe site triumphantly
proclaims it's apparently in use at 97.3% of networked computers.
I'll avoid some of the more exotic scenarios, lest they give
anyone some bad ideas -

  Distributed port scanning from a malicious webserver that gives every 
client a slightly modified .swf with a different range of ip addresses to 

  Seriously, thanks for the warning.  Once more, feeping creatureitis wins 
out over sanity and security.  Oh well.

Can't think of a witty .sigline today.... 

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]