Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

From: Nikhil Mittal <nikhil_uitrgpv () yahoo co in>
Date: Thu, 9 Sep 2010 23:34:55 +0530 (IST)
Nmap is not vulnerable.  DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default Windows DLL search path used for those apps.  Nmap does
not, and never has, registered any Windows file extensions.  So it
isn't vulnerable to this issue.


Fyodor,
Nmap do load airpcap.dll from insufficiently qualified path. If you don't want it to call it a vulnerability, then it's 
your choice. But if you look at the issue its between apps and Windows DLL search path not only for the apps which 
register Windows file extensions.
Apps which register Windows file extensions are Exploitable by default while nmap is not.
So, according to me nmap is vulnerable but not exploitable by default. Please, try to figure out the difference b/w 
exploitability and vulnerability.

All,
You can and you should use nmap without any fear of getting exploited until you are stupid enough to open a file from a 
shared location using nmap. nmap _is_ safe to use.



Nikhil Mittal




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: