Full Disclosure mailing list archives
Re: n3td3v agenda & Solid Information Security State Release 0012a
From: "Kurt Dillard" <kurtdillard () msn com>
Date: Fri, 4 Apr 2008 12:20:56 -0300
Whether or not the vulnerability exists as described, this email is laughable. Addressing it to "world leaders" shows everyone you're a self-deceiving egomaniac. Complaining that the NSA, CIA, and FBI didn't respond to your ravings makes perfect sense for 3 reasons: first, nobody takes such poorly written rants seriously. Second, those agencies don't collect vulnerability data, that's the job of DHS and NIST with their NVD and US-CERT projects. Third, I've worked with a lot of federal agencies and none of them use this software, why would they when a perfectly usable remote assistance technology is already built into Windows? Oh, and by the way, employees at those agencies can't install the software themselves because their desktops are locked down and they don't have admin privileges.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Micheal Turner
Sent: Friday, April 04, 2008 11:48 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] n3td3v agenda & Solid Information Security State Release 0012a

n3td3v agenda & Cyber Security group
====================================
Solid Information Security State Release #0012a

MARKING: RESTRICTIONS APPLY.
FAO: WORLD LEADERS

== Introduction ==

Serious high-risk ultra critical vulnerability has been identified in Remote Help application that may be used by CIA, NSA and FBI employees when helping colleagues on anti-terror campaigns. RemoteHelp is a minimal http server that allows to view and control a remote pc running a 32-bits version of Microsoft Windows. current version is 0.0.6 and runs stand-alone or installs as a service.

== URL ==

http://sourceforge.net/projects/remotehelp/

== HISTORY ==

After n3td3v agenda emailed the NSA, SANS and all information security groups and was found not to be taken seriously. High risk proof of concept exploit code has been authored for severe vulnerability in Remote Help application which may be used by any number of Yahoo!, Google!, Ebay! or NSA employees. This vulnerability gives rise to serious national infrastructure risk and should not be underestimated!

== Proof of Concept ==

I found a vulnerability in the pages.c file which generates the login page dialog and authenticates a user. After it checks if your "user" and "pass" parameter match the defaults (user/default) it does this:

    strncpy(cookie,"user=default; path=/; expires=Sun, 11-May-2030 22:11:40 GMT",1024);

for a valid login, and for an invalid login it sets an expired cookie like so:

    strncpy(cookie,"user=default; path=/; expires=Sun, 11-May-1970 22:11:40 GMT",1024);

All you have to do is add "Cookie: user=default; path=/; expires=Sun, 11-May-2030 22:11:40 GMT" to your HTTP request and you can bypass authentication to the Remote Help server and access the filesystem/exec commands/view the webcam of the hosts running it.

== Credit ==

n3td3v & documentation help by Michael Turner.

"Never trust your employees."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
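
The flaw described in the quoted advisory is that the login cookie is a fixed string, so presenting it proves nothing about a prior login. The following is an added example, not code from the post or from the RemoteHelp project: it models that check next to a per-login random token compared in constant time. Assumptions: all function names are hypothetical, and /dev/urandom stands in for the platform CSPRNG (RemoteHelp itself targets Windows).

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_BYTES 16
#define TOKEN_HEX ((size_t)TOKEN_BYTES * 2)

/* Model of the check described in the advisory (hypothetical name):
 * the "session" is a constant, so every client already knows it. */
int weak_is_authenticated(const char *cookie_hdr) {
    return cookie_hdr != NULL && strstr(cookie_hdr, "user=default") != NULL;
}

/* Server-side session state: one active token, empty until a login succeeds. */
static char session_token[TOKEN_BYTES * 2 + 1];

/* Call only after the password check passes. Writes a fresh random
 * token (hex) to out for use as the cookie value. Returns 0 on success. */
int issue_session(char *out, size_t outlen) {
    unsigned char raw[TOKEN_BYTES];
    if (outlen < TOKEN_HEX + 1) return -1;
    FILE *f = fopen("/dev/urandom", "rb");   /* assumption: POSIX CSPRNG */
    if (f == NULL) return -1;
    size_t n = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (n != sizeof raw) return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(session_token + 2 * i, 3, "%02x", raw[i]);
    memcpy(out, session_token, TOKEN_HEX + 1);
    return 0;
}

/* Accept a request only if the presented cookie value equals the stored
 * token. The loop runs over the full length to avoid a timing side channel. */
int strong_is_authenticated(const char *presented) {
    if (presented == NULL || session_token[0] == '\0') return 0;
    if (strlen(presented) != TOKEN_HEX) return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < TOKEN_HEX; i++)
        diff |= (unsigned char)(presented[i] ^ session_token[i]);
    return diff == 0;
}
```
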
Current thread:
- n3td3v agenda & Solid Information Security State Release 0012a Micheal Turner (Apr 04)
- Re: n3td3v agenda & Solid Information Security State Release 0012a Kurt Dillard (Apr 04)
- Re: n3td3v agenda & Solid Information Security State Release 0012 Ureleet (Apr 04)
- Re: n3td3v agenda & Solid Information Security State Release 0012 Razi Shaban (Apr 04)
- Re: n3td3v agenda & Solid Information Security State Release 0012 Ureleet (Apr 05)
- Re: n3td3v agenda & Solid Information Security State Release 0012 Razi Shaban (Apr 04)