Full Disclosure mailing list archives
nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
From: Nikhil Mittal <nikhil_uitrgpv () yahoo co in>
Date: Sun, 5 Sep 2010 19:01:19 +0530 (IST)
1. Overview

nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.

2. Vulnerability Description

nmap passes an insufficiently qualified path for the dll "airpcap.dll" while opening a file using nmap.

Timeline

27-08-2010 - Discovered Vulnerability
31-08-2010 - Disclosed at nmap-dev mailing list
04-09-2010 - Response and fix from developers
05-09-2010 - Disclosure

3. Exploitability

A file extension needs to be registered with nmap to exploit the vulnerability and a crafted file needs to be opened from a network share. Currently nmap is not registered with any filename so users are not at risk by default.

4. Versions Affected

nmap 5.21 and lower.

5. POC/Exploit

Done with Webdav hijack module of Metasploit.

6. Impact

Remote Code Execution in context of nmap process.

7. References

http://seclists.org/nmap-dev/2010/q3/632

8. Solution

Fixed in latest development release.

Regards,
Nikhil Mittal
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
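
The difference between the unqualified load described in the report and a fully qualified one, as an added example (not code from the original post and not nmap's own fix). It assumes airpcap.dll lives in the Windows system directory; `qualify_dll_path`, `load_airpcap_unqualified` and `load_airpcap_qualified` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* 1 only for a drive-rooted local directory such as C:\Windows\System32;
   relative, drive-relative (C:dir) and UNC (\\server\share) forms give 0. */
static int is_local_absolute(const char *p)
{
    return p != NULL && isalpha((unsigned char)p[0]) && p[1] == ':' &&
           (p[2] == '\\' || p[2] == '/');
}

/* Build "<trusted_dir>\<dll_name>" in out. Returns 0 on success, -1 when the
   directory is not drive-rooted, the name carries any path component, or
   the result does not fit in out_len bytes. */
int qualify_dll_path(const char *trusted_dir, const char *dll_name,
                     char *out, size_t out_len)
{
    int n;
    if (!is_local_absolute(trusted_dir) || dll_name == NULL || *dll_name == '\0')
        return -1;
    if (strpbrk(dll_name, "\\/:") != NULL)
        return -1;
    n = snprintf(out, out_len, "%s\\%s", trusted_dir, dll_name);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

#ifdef _WIN32
/* Weak form: a bare name, so the loader's search path (which can include
   the current directory) decides which file is mapped. */
HMODULE load_airpcap_unqualified(void)
{
    return LoadLibraryA("airpcap.dll");
}

/* Hardened form: resolve against the system directory only (assumed
   install location) and hand the loader a full path. */
HMODULE load_airpcap_qualified(void)
{
    char sysdir[MAX_PATH], full[MAX_PATH];
    UINT len = GetSystemDirectoryA(sysdir, sizeof sysdir);
    if (len == 0 || len >= sizeof sysdir)
        return NULL;
    if (qualify_dll_path(sysdir, "airpcap.dll", full, sizeof full) != 0)
        return NULL;
    return LoadLibraryA(full);
}
#endif
```

The path-building helper is portable and can be unit tested anywhere; the two loader functions compile only on Windows.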