Full Disclosure mailing list archives
Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
From: paul.szabo () sydney edu au
Date: Thu, 9 Sep 2010 13:08:36 +1000
jf <jf () ownco net> wrote:
I still don't see how this is really MSFTs fault. I mean ...theres a fairly clear warning on MSDN for LoadLibrary & SearchPath ...
Do not confuse: SearchPath is not the issue. Yes, there is a warning, which is recent: http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx ... we recognize that this guidance may not always have been very clear. We recently published an MSDN article, "Dynamic-Link Library Security" that provides specific guidance ... and that says: http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx Consider removing the current directory from the DLL search path by calling SetDllDirectory with an empty string (""). If the default would have been "no current dir in search path" (but apps would have needed to specifically add it if they really wanted to), then there would be no issue. Shame that some MS apps (Powerpoint maybe?) are affected. --- jf <jf () ownco net> wrote:
An "exploit scenario" for nmap ...Yeah, good luck with that.
Rohit Patnaik <quanticle () gmail com> wrote:
One problem with your scenario: any person sophisticated enough ...
Did I say that my "nmap exploit" was likely to succeed? Most home users do not have nmap. Any person sophisticated enough, will just delve into the source and fix it himself. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability. Nikhil Mittal (Sep 06)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Fyodor (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability jf (Sep 09)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Rohit Patnaik (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability jf (Sep 09)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Pavel Kankovsky (Sep 18)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Thor (Hammer of God) (Sep 18)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability paul . szabo (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability Fyodor (Sep 08)
- Re: Nmap NOT VULNERABLE to Windows DLL HijackingVulnerability Stefan Kanthak (Sep 14)