Knud Erik Højgaard | 20 Feb 2002 00:13

Re: [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS

Grégory Le Bras | Security Corporation wrote:
> .: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
> ________________________________________________________________________
>
> Security Corporation Security Advisory [SCSA-005]
> ________________________________________________________________________

[snip]

> Sending a parameter with a buffer of 1024 bytes in length or more,
> causes Proxomitron Naoko to crash.
>
> This vulnerability can be easily exploited to execute code.
>
> Exploitation example :
>
> c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[snip A's]
> AAAAAAAAAAAAAAAAAAAA

Could you perhaps provide a real-world example where this might be used to
gain additional privileges? I fail to see the useful bit in this
vulnerability.

--
Knud

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Knud Erik Højgaard | 20 Feb 2002 01:01

Re: [SCSA-004] Vulnerability in Microsoft Windows XP

Grégory Le Bras | Security Corporation wrote:
> .: Vulnerability in Microsoft Windows XP :.
..
> Security Corporation Security Advisory [SCSA-004]
[snip]
>
> A vulnerability was found allowing a user of a restricted session to
> have access to private files belonging to any user of the machine,
> also the administrators.
>
>
> EXPLOIT
> ________________________________________________________________________
>
> The exploit is very simple, it is enough to install an httpd server
> such as ©Apache. Put them on the disc where Microsoft Windows is
> installed as resources of the server. Connect to the following
> address: http://localhost/
> The index of the disc thus appears on the screen.
> You can then cross the directory /documents and Setting/ and so
> reach the private files.

How do you define a 'restricted session'? Would a user in a restricted
environment set up by you be able to install apache, but not be able to
browse the files of other users?

Has the apache by any chance been installed as a service running with SYSTEM
privileges?

--

