Full Disclosure mailing list archives
Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
From: Project Un1c0rn <project.un1c0rn () yandex com>
Date: Wed, 21 May 2014 17:31:32 +0200
A filesystem is strong I completely agree, another program running as admin that has access to it might be not.

Imagine that program can just dump NEW files everywhere (service exploitable I dunno) Now there's a way to abuse it to put a backdoor in C:\Program.exe in HP included related drivers.

Or I could be mistaken, but I see every security as weak as its weakest point.

On 05/21/2014 03:57 PM, Tavis Ormandy wrote:
> On 21 May 2014 02:13, Project Un1c0rn <project.un1c0rn () yandex com> wrote:
>> I really don't get those kind of arguments.
>
> It's simple, if your exploit requires Administrator access, then it's probably not a security issue. Filesystem ACLs are a supported security boundary, being able to defeat them would be a legitimate and important vulnerability.
>
> Inventing attacks that require them to fail as a pre-requisite is like saying "If you can modify /etc/passwd, then...". Hopefully you agree that using your Administrator access to replace or modify system files or settings is not a security issue.
>
>> If there's a risk that combined with some other flaw that can be exploited later (dunno, dropping NEW exe in the root for eg.), fix the risk.
>
> The bug would be being able to defeat filesystem ACLs; if you have a way of doing that without Administrator access, you have a security bug. That doesn't need to be combined with anything else, it's a serious vulnerability.
>
>> Security is not thinking, naaaah should be ok nobody can touch that dir ... or noooo plain text passwords are OK because my db is on a private network ... Damn it ... No kidding there's thousands of systems out there vulnerable because they think cloudflare protects them. Think for yourself ... Hackers don't take you with one single point of failure, they combine them.
>
> Uh, Thanks, I'll keep that in mind.
>
>> ---------
>> Project Un1c0rn
>> http://un1c0rn.net
>> http://unicorntufgvuhbi.onion
>>
>> On 05/21/2014 06:10 AM, Tavis Ormandy wrote:
>>> "Stefan Kanthak" <stefan.kanthak () nexgo de> wrote:
>>>> Hi @ll,
>>>>
>>>> several programs of the current Windows 7 driver software for the "HP OfficeJet 6700" multifunction device execute a rogue program C:\Program.exe
>>>
>>> It sounds like a bug, but why is this a security issue? I can only imagine two possible scenarios
>>>
>>> 1. You've somehow made the root partition FAT32, in which case you're using a non-securable filesystem; Therefore not a security issue.
>>> 2. You've set a bad ACL on the root directory, therefore user error.
>>>
>>> If you believe otherwise, please post details, as that would be an interesting discovery.
>>>
>>> Tavis.
>>>
>>> _______________________________________________
>>> Sent through the Full Disclosure mailing list
>>> http://nmap.org/mailman/listinfo/fulldisclosure
>>> Web Archives & RSS: http://seclists.org/fulldisclosure/
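An added example, not part of the original message or of any vendor's code: a program usually ends up trying `C:\Program.exe` because of Windows' documented `CreateProcess` handling of an unquoted command line that contains spaces, and this sketch lists the paths that would be tried ahead of the intended image so such entries can be found and quoted. The entry names and paths in `SAMPLE` are constructed, and the rule that the intended image is the first prefix ending in `.exe` is an assumption of the example.

```python
import ntpath

def interposable_paths(command_line):
    """Paths Windows tries before the intended image when the command line
    is unquoted. Assumption: the intended image is the first
    space-delimited prefix that ends in ".exe"."""
    cmd = command_line.strip()
    if not cmd or cmd.startswith('"'):
        return []                       # empty, or quoted image path: unambiguous
    earlier = []
    ends = [i for i, ch in enumerate(cmd) if ch == " "] + [len(cmd)]
    for end in ends:
        prefix = cmd[:end]
        if prefix.endswith(" "):
            continue                    # run of spaces: same prefix as before
        if prefix.lower().endswith(".exe"):
            return earlier              # reached the intended image
        name = ntpath.basename(prefix)
        # ".exe" is appended when the candidate name has no extension
        earlier.append(prefix if "." in name else prefix + ".exe")
    return earlier  # no ".exe" seen: report every prefix for manual review

def audit(commands):
    """Map entry name -> interposable paths, omitting unambiguous entries."""
    findings = {}
    for name, cmd in commands.items():
        paths = interposable_paths(cmd)
        if paths:
            findings[name] = paths
    return findings

# Constructed sample entries (hypothetical names and paths, not from the thread)
SAMPLE = {
    "ExampleStatus": r"C:\Program Files\Example Vendor\Device Tools\status.exe /start",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Device Tools\status.exe" /start',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE).items():
        print(name, "->", paths)
```

A finding matters only where an unprivileged account can create one of the listed files, which is the root-directory ACL question argued in the thread; quoting the image path removes the ambiguity either way.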
Current thread:
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Stefan Kanthak (May 20)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Tavis Ormandy (May 20)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Project Un1c0rn (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Tavis Ormandy (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Project Un1c0rn (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe coderaptor (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Tavis Ormandy (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Reindl Harald (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Michal Zalewski (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Stefan Kanthak (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Reindl Harald (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Michal Zalewski (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Mario Vilas (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Project Un1c0rn (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Tavis Ormandy (May 20)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe coderaptor (May 22)