Nmap Development mailing list archives
Re: nmap potentially vulnerable to Windows DLL Hijacking
From: David Fifield <david () bamsoftware com>
Date: Sat, 4 Sep 2010 20:28:16 -0600
On Sat, Sep 04, 2010 at 08:35:57PM +0530, Nikhil Mittal wrote:
> I cannot find where to download the latest commit. Do I need rights to check out nmap SVN??

Follow the instructions at http://nmap.org/book/install.html#inst-svn.

    svn co --username guest --password "" svn://svn.insecure.org/nmap

> Also, request your consent to publish it on Bugtraq/Full Disclosure.
You can write what you like, but there is no vulnerability here, at least as far as I understand DLL hijacking. Even though Nmap loads airpcap.dll with an insufficiently qualified path (through WinPcap), its lack of file name extension associations means that an attacker doesn't have a way to get control over the current directory.

I do thank you for bringing this to our attention. Even though Nmap does not make file name extension associations now, it might have become vulnerable if such associations were added in the future.

Also keep in mind that I have only personally checked nmap.exe and zenmap.exe so far. I would appreciate help testing the other programs, and independent confirmation of what I have already tested.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
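An added example, not part of the original message or of Nmap's code: the reply ties exposure to whether any file name extension is associated with the program, so this Python script cross-references saved output of the Windows `assoc` and `ftype` commands and lists the extensions whose open command launches `nmap.exe` or `zenmap.exe`. The sample data is constructed, and the `.scanexample` association in it is hypothetical.

```python
import re

# Programs the message says were checked by hand; extend the tuple to cover others.
TARGETS = ("nmap.exe", "zenmap.exe")

def parse_pairs(text):
    """Parse `name=value` lines as printed by the cmd.exe built-ins assoc and ftype."""
    pairs = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name and value:
            pairs[name.lower()] = value
    return pairs

def command_executable(command):
    """Return the lower-cased file name of the program an open command launches."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        # Unquoted command: take everything up to the first ".exe", else the first token.
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        program = m.group(1) if m else command.split()[0]
    return re.split(r"[\\/]", program)[-1].lower()

def associated_extensions(assoc_text, ftype_text, targets=TARGETS):
    """Map each extension whose open command launches a target program to that command."""
    assoc = parse_pairs(assoc_text)   # .ext -> file type
    ftype = parse_pairs(ftype_text)   # file type (lower-cased) -> open command
    hits = {}
    for ext, file_type in assoc.items():
        command = ftype.get(file_type.lower())
        if command and command_executable(command) in targets:
            hits[ext] = command
    return hits

# Constructed sample input in the format `assoc` and `ftype` print.
SAMPLE_ASSOC = r"""
.txt=txtfile
.scanexample=Example.ScanFile
"""
SAMPLE_FTYPE = r"""
txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
Example.ScanFile="C:\Program Files\Nmap\zenmap.exe" "%1"
"""

if __name__ == "__main__":
    for ext, command in associated_extensions(SAMPLE_ASSOC, SAMPLE_FTYPE).items():
        print(f"{ext} opens with: {command}")
```

An empty result on real `assoc` and `ftype` output matches the situation the message describes; per-user associations are stored separately and are not covered by those two commands.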