-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cmd.exe allows local (and sometimes remote) command execution

Infohacking Security Advisory 08.04.04
www.infohacking.com
Aug 04, 2004

I. BACKGROUND

We discovered a very dangerous local code execution vulnerability in all
cmds. This issue can be exploited using Microsoft Windows (TM) in all its
flavours and probably other Operating Systems.

II. DESCRIPTION

Local exploitation of this vulnerability can be achieved by clicking
Start --> Run and typing: "cmd.exe" (Nt,2000,2003,XP) or "command"
(w95 w98 wME), then just pressing enter. This option will display the black
window that allows you to enter commands. You can also type help... and
several options will be displayed.

Note for users with Internet Information Server: You can put the cmd.exe
into c:\inetpub\wwwroot\scripts and then execute commands remotely:

HTTP://mypc/scripts/cmd.exe?/c+dir

WOW! OH MY GOD!

III. ANALYSIS

A malicious user could execute arbitrary code and take full control of
the box with this high vulnerability. There is no patch... but we strongly
recommend disabling cmd.exe by deleting the file itself or removing
execution perms.

IV. DETECTION

Infohacking has confirmed that all Windows versions up to 3.11 are
vulnerable to this issue.

V. WORKAROUNDS

No work.. indeed.

VI. CVE INFORMATION

This is a 0day bug... so still no bid and CVE.

VII. DISCLOSURE TIMELINE

03/18/04 Hugo notified the bug to [EMAIL PROTECTED]
04/11/04 Initial vendor notification - no response
04/30/04 Secondary vendor notification - no response
05/20/04 We hack iberia.com (Hey look at me! im a hax0r and i want a job)
08/04/04 Public Disclosure

VIII. CREDIT

Hugo Vázquez Carapez
http://www.infohacking.com/dirhugo.gif

Get pwned by script kiddies? Call us, we can hack you again.

IX. LEGAL NOTICES

Copyright (c) 2004 INFOHACKING, Inc.

Permission is granted for the redistribution of this alert electronically.
It may not be edited in any way without the express written consent of
INFOHACKING.
If you wish to reprint the whole or any part of this alert in any medium
other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: Infohacking is pretty whitehat and lame. If you are a part of
the blackhat community, please hack and remove us from the net.

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkEQvd8ACgkQPMMEGI9aoaetaQCgpPIpKyvxva1McLMOd08poW1YcicA
n05zo4e/bcqRm8vgnarvYPKblnA9
=TlfY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
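
The IIS note in the advisory comes down to a command interpreter sitting in a web-executable directory. As an added example (not part of the original post), this Python code scans IIS W3C extended logs for requests that resolve to such an interpreter; the log lines, addresses and the function name `find_shell_requests` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C extended log sample (not from the advisory); IPs are placeholders.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-08-04 10:00:01 192.0.2.10 GET /default.htm - 200
2004-08-04 10:00:05 192.0.2.44 GET /scripts/cmd.exe /c+dir 200
2004-08-04 10:00:09 192.0.2.44 GET /scripts/CMD%2Eexe /c+dir+c:\\ 200
2004-08-04 10:00:12 192.0.2.45 GET /scripts/cmd.exe /c+dir 404
2004-08-04 10:00:20 192.0.2.10 GET /docs/cmd.exe.html - 200
"""

# Interpreters named in the advisory: cmd.exe (NT family), command (command.com on 9x).
SHELL_RE = re.compile(r"(?:^|/)(?:cmd\.exe|command\.com)$", re.IGNORECASE)

def find_shell_requests(log_text):
    """Return one dict per request whose URI stem resolves to a command interpreter."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Decode percent-escapes first so an encoded file name cannot hide from the match.
        stem = unquote(row.get("cs-uri-stem", "")).replace("\\", "/")
        if not SHELL_RE.search(stem):
            continue
        status = row.get("sc-status", "")
        hits.append({
            "client": row.get("c-ip"),
            "stem": stem,
            "query": unquote(row.get("cs-uri-query", "").replace("+", " ")),
            # 2xx: the request succeeded, so treat it as command execution.
            "severity": "executed" if status.startswith("2") else "attempted",
        })
    return hits

if __name__ == "__main__":
    for hit in find_shell_requests(SAMPLE_LOG):
        print(hit)
```

Any "executed" hit means an interpreter is present and runnable under the web root, which is the condition the advisory's recommendation (removing the file or its execute permission there) addresses.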