Bugtraq mailing list archives

Re: RFP2K04: Mining BlackICE with RFPickAxe

From: andrew () NFR NET (Andrew Lambeth)
Date: Fri, 19 May 2000 14:16:51 -0400


rain forest puppy wrote:


--/ 3 / Forward thinking /------------------------------------------------

I discussed this point at CanSecWest.  BlackICE is not the only (security)
application that stores data in a Microsoft .mdb file.  So what does use
.mdb's?  Well, NT 4.0 WINS, DHCP, CyberCop, NFR-GUI (Windows client), etc.


No version of the NFR windows client has ever been in any way vulnerable
to any form or variation of the exploit discussed in this advisory.

The NFR windows client does not store any information in a Microsoft
.mdb file nor does it use Microsoft Access or Jet in any way.

You may have been confused by the fact that an earlier version of the
NFR client used ".mar" as a file extension for "Marked As Read" files.
These files were not in any way associated with Microsoft Access.  The
filename extension was changed some time ago to avoid such confusion.


--
Andrew Lambeth - Senior Software Engineer, Network Flight Recorder, Inc.

Current thread:

antisniff x86/linux remote root exploit, including "fixed" 1.02 version, (continued)
- - - antisniff x86/linux remote root exploit, including "fixed" 1.02 version Sebastian (May 16)
    - announce : Nessus 1.0 released Renaud Deraison (May 17)
    - RFP2K04: Mining BlackICE with RFPickAxe rain forest puppy (May 17)
    - FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx [REVISED] FreeBSD Security Officer (May 17)
    - klogin remote exploit duke (May 17)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe Robert Graham (May 17)
    - antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Sebastian (May 18)
    - Re: antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Mudge (May 18)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe Matt (May 18)
    - AUX Security Advisory on Be/OS 5.0 (DoS) visi0n (May 17)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe Andrew Lambeth (May 19)
    - Remote Dos attack against Intel express 8100 router Dimuthu Parussalla (May 18)
    - RFP2K05: NetProwler vs. RFProwler rain forest puppy (May 19)
    - Key Generation Security Flaw in PGP 5.0 gec () ACM ORG (May 23)
    - Filesystem vulnerability in AIX salme () US IBM COM (May 23)
    - Re: RFP2K05: NetProwler vs. RFProwler Pedro Quintanilha (May 23)
    - Security Vulnerability in Qpopper 2.53 (Upgrade to 3.0.2) Qpopper Support (May 23)
    - Remote xploit for MDBMS |[TDP]| (May 24)
    - HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability Ussr Labs (May 24)
    - Re: RFP2K04: Mining BlackICE with RFPickAxe rain forest puppy (May 19)
    - revised patches for kerberos vulnerability Tom Yu (May 19)

(Thread continues...)