Full Disclosure mailing list archives
Juniper Networks DLL Hijacking Vulnerability
From: musnt live <musntlive () gmail com>
Date: Thu, 9 Sep 2010 09:51:45 -0400
1. Overview Juniper Pix ASA is vulnerable to Windows DLL Hijacking Vulnerability. Version 1.3.37, Mitnick Build (latest available on 30th August 2010 was tested) is vulnerable. 2. Vulnerability Description Juniper Pix ASA is for hybrid firewall and passes insufficiently qualified path for the dll "mitnick.dll" while opening a file using command line interface Timeline 09-09-2010 - Discovered Vulnerability 09-09-2010 - Informed the developers 09-09-2010 - Response from developers "We is don't make this product" 09-09-2010 - Response from MusntLive "This is be hybrid new polish firewall from Rutkowska" 09-09-2010 - Response from developers "We understand she is a hybrid but this isn't out product" 09-09-2010 - Response from MusntLive "I must find all DLL's in world and make billion of advisories for MusntLive Security Pack" 09-09-2010 - Disclosure Free Rutkowska: The Transgender Equality Network Ireland (TENI) is seeking financial assistance for Mr. Rutkowska For more information call 085 108 3935 or contact The Cork Gay Project on 021 4278470. 3. Exploitability You must is be running Juniper Pix ASA 4. Versions Affected All 5. POC/Exploit Done with MusntLive Security Pack 6. Impact Remote Code Execution on Juniper Pix Asa 7. References http://tinyurl.com/musntlive 8. Solution Stop hybridding. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Juniper Networks DLL Hijacking Vulnerability musnt live (Sep 09)
- Message not available
- Re: Juniper Networks DLL Hijacking Vulnerability musnt live (Sep 10)
- Message not available