Penetration Testing mailing list archives
Re: LSADump2 Crashing Systems
From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Fri, 16 Sep 2005 17:07:48 +0200
Hello,

After investigating deeper, I found several problems in LSADUMP2:

- Buffers too small (300 bytes for the smallest)
- Allocated memory not flagged as executable (that is why LSADUMP2 is not compatible with the NX flag)
- Reuse of freed memory

Here is a small patch that has been tested successfully on Windows XP SP2 with DEP "AlwaysOn" enabled (where LSADUMP2 failed).

Regards,
- Nicolas RUFF
Security researcher @ EADS-CCR

---------------------------------------------------------------
diff lsadump2/dumplsa.c lsadump3/dumplsa.c 34a35
#define BUF_SIZE 1024
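Review bot: raising every buffer to 1024 makes an overrun less likely but does not remove it; none of the hunks add a check that the data copied into these buffers is shorter than BUF_SIZE, so a secret longer than 1024 elements would still overflow. Suggest bounding each copy by sizeof(buffer) and failing (or truncating) when the source is longer.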
110c111 < char szBuffer[1000]; ---
char szBuffer[BUF_SIZE];
137c138 < TCHAR szBuffer[300]; ---
TCHAR szBuffer[BUF_SIZE];
189c190 < WCHAR wszSecret[500]; ---
WCHAR wszSecret[BUF_SIZE];
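Review bot: BUF_SIZE is an element count, so wszSecret here holds 1024 WCHARs (2048 bytes) while szSecret at 230c231 holds 1024 bytes; a length obtained from the LSA API in bytes must be divided by sizeof(WCHAR) before it is compared with BUF_SIZE, or compared against sizeof(wszSecret) instead, otherwise the check is off by a factor of two.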
230c231 < char szSecret[500]; ---
char szSecret[BUF_SIZE];
242a244
lsaData = NULL;
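Review bot: clearing lsaData after it is released only prevents reuse if the code that follows tests it for NULL before dereferencing or releasing it again; the hunk does not show that check, so confirm the later uses of lsaData are guarded.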
diff lsadump2/lsadump2.c lsadump3/lsadump2.c 261c261 < MEM_COMMIT, PAGE_READWRITE); ---
MEM_COMMIT, PAGE_EXECUTE_READWRITE);
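Review bot: PAGE_EXECUTE_READWRITE leaves the region both writable and executable for its whole lifetime, which is wider than needed if it is written once and then only executed; allocating PAGE_READWRITE, writing, and then switching to PAGE_EXECUTE_READ keeps the least privilege on the page. A writable-and-executable remote allocation is also a common detection heuristic, so the reason RWX is required here belongs in a comment next to the call.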
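As an added example (not from the list post or the lsadump2 source), the bounds check the patch does not add: copying a byte-counted wide string into a fixed WCHAR[BUF_SIZE] buffer and rejecting secrets that do not fit instead of overrunning it. The WCHAR typedef and the LSA_UNICODE_STRING layout are constructed stand-ins so it compiles outside Windows; the sample secrets are constructed too.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 1024  /* same value as the patch; it counts elements, not bytes */

typedef uint16_t WCHAR;  /* stand-in for the Win32 WCHAR */

/* Constructed stand-in for the Win32 LSA_UNICODE_STRING: Length and
 * MaximumLength are byte counts and Buffer is not NUL-terminated. */
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    WCHAR   *Buffer;
} LSA_UNICODE_STRING;

/* Copy a counted wide string into a fixed WCHAR buffer of dst_chars elements
 * and NUL-terminate it. Returns the number of characters copied, or -1 if
 * the secret does not fit; the byte Length is converted to characters first. */
int copy_secret_bounded(WCHAR *dst, size_t dst_chars, const LSA_UNICODE_STRING *src)
{
    size_t n_chars = src->Length / sizeof(WCHAR);
    if (src->Buffer == NULL || n_chars + 1 > dst_chars)  /* +1 for the terminator */
        return -1;
    memcpy(dst, src->Buffer, n_chars * sizeof(WCHAR));
    dst[n_chars] = 0;
    return (int)n_chars;
}

/* Build a constructed secret of secret_chars 'A's and copy it into a
 * BUF_SIZE buffer: 600 or 1023 chars succeed, 1024 or more are rejected. */
int demo(size_t secret_chars)
{
    WCHAR storage[2048], wszSecret[BUF_SIZE];
    LSA_UNICODE_STRING s;
    if (secret_chars > 2048) return -1;
    for (size_t i = 0; i < secret_chars; i++) storage[i] = (WCHAR)'A';
    s.Length = s.MaximumLength = (uint16_t)(secret_chars * sizeof(WCHAR));
    s.Buffer = storage;
    return copy_secret_bounded(wszSecret, BUF_SIZE, &s);
}
```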