Full Disclosure mailing list archives
Re: What about M$ in the shell: race
From: daniel uriah clemens <daniel_clemens () autism birmingham-infragard org>
Date: Fri, 9 Jul 2004 11:33:49 +0000 (GMT)
Josh,

This is in no way a shaming email, but hopefully a playful question in hopes to find out what might be miscommunicated as a reader on multiple security mailing lists.
snip from your website>
I think the research over the past couple days proves that M$ just isn't cutting it these days with their security response to vulnerabilities. Wasn't it just the other day when Bill Gates said that they have 1000's of consultants ready to patch systems and it STILL takes them weeks to patch a simple hole. I understand that M$ has to deal with the underlying OS but with that many people shouldn't they turn patches out a little faster? I mean, come on.. I worked with the Mozilla guys and was REALLY impressed with the turn-around on the patch. It wasn't real elaborate to correct the issue but it was done in a matter of hours. The shell: issue is all over Full-disclosure and slashdot but I have yet to see a public response from M$ on the issue. I hope this helps Mozilla gain some market share because it's where browsing and security models should move in the future in my opinion-

----------end Rant---------------

M$ IE6 shell: vuln tested on fully patched XP SP1 box in VMware lab

shell:windows\system32\calc.exe
shell:windows\system32\cmd.exe
shell:windows\system32\winver.exe
shell:windows\system32\accwiz.exe
shell:windows\system32\narrator.exe <- This is my favorite one :) This will freak someone out when the PC talks to them.

I guess the good side to this is that IS asks the user to open the file / save is clicked from an anchor but not when using the shell command.

test <- this calls cmd.exe using an anchor tag

I understand the disclosure process but what can you do if they don't respond. This isn't a canned script kiddie exploit it's research. And that should be available to anyone that is interested.

--------------

I got 99 problems but Mozilla isn't one :)
unsnip....
What research did you perform to find this hole or did you simply repeat what 'liu die yu' posted to full disclosure earlier this week.

http://umbrella.name/originalvuln/mozilla/ShellNethood/mozilla_shellnethood_rc.txt

Just for clarification's sake did you find this vulnerability through extensive research or did you repost someone else's vulnerability to every mailing list in the world and then posted that the media picked up on it also.

If it was research, what methodical approach did you take to find this vulnerability so we can all share in the fun of bugtracking or was this research in the stance that you are evaluating the existence of a current bug already disclosed within your lab.

What it sounds like you have been saying the past few days is simply - 'this bug exists, I confirmed it exists, and I have repeated the work of another and this bug is fairly huge', but I can see how others could misinterpret this to say that you were the original bug-tracker.
snip>
I understand the disclosure process but what can you do if they don't respond. This isn't a canned script kiddie exploit it's research. And that should be available to anyone that is interested.
snip>
I am just trying to clarify whether or not you said this was research on your part to discover the bug, OR to simply test for the bug's existence from what was posted from Liu Die Yu earlier this week.

http://www.packetfocus.com/shell_exploit.htm

IE will execute the shell: command locally but prompts the user to open / save the file if used with an anchor. But what if this was used with another IE exploit that may not have system privs but ran shell: locally- wouldn't that have system privs then or would that run under the browser?

Interesting so far- Hopefully this will help the effort to promote open source standards to move away from M$ web monopoly. Until then I will just use BBS's-- hehehehehehe

Anyone up for a good game of Tradewars ;)

Once again I am merely trying to clarify a lot of what you have been posting the last few days.

Thanks,
-Daniel Uriah Clemens

Esse quam videra (to be, rather than to appear)
-Moments of Sorrow are Moments of Sobriety
{ o)2059686335 c)2055676850 }

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html