Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Mario Vilas
On Wed, May 21, 2014 at 8:21 PM, Reindl Harald wrote: > 90 out of 100 security flaws in the past years were from the > category "why should I bother about this and that, it is unlikely" > Nobody said anything about it being "unlikely". What's being argued is that if your bug requires ad-hoc condi

[FD] rcrypt packer/crypter writeup and POC tool

2014-05-21 Thread rage
I've written and released a packer/crypter called rcrypt that might be fun for some of you to play around with. The latest public version is 1.4 although there is a functional 1.5 non public version currently in progress. The general summary is as follows: rcrypt is a Windows PE binary crypte

Re: [FD] [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability

2014-05-21 Thread Brandon Perry
Hi, These are cool. Here is a Metasploit module for the file upload. You seem to need the ability to publish as well as the ability to manage your own media. Feel free to edit as you would like and make a pull request! https://gist.github.com/brandonprry/efc0765c342a44a0dedb On Wed, May 21, 2

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Ben Campbell
C:\Program.exe is rarely an issue but other drives tend to have full ACL for Authenticated Users, so non-administrators can write to D:\Program.exe. If it is installed to that drive instead (e.g. primary drive is full/organisation has decided to organize file system that way) then the vulnerabil

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Michal Zalewski
> 90 out of 100 security flaws in the past years were from the > category "why should I bother about this and that, it is unlikely" If possible, I'd like to hear more about this. /mz ___ Sent through the Full Disclosure mailing list http://nmap.org/mai

[FD] XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

2014-05-21 Thread Timothy D. Morgan
Hi FD, We have released a new research paper which attempts to be the most comprehensive reference yet published on XXE attacks and related techniques. We hope the community finds this useful: http://vsecurity.com/download/papers/XMLDTDEntityAttacks.pdf Comments welcome. Cheers, tim @ecbftw

[FD] NULL page mitigations on Windows 8 x86

2014-05-21 Thread Tavis Ormandy
Apparently I'm being lured into pointless discussions today, so here's another. As I'm sure everyone is aware, Microsoft introduced basic NULL page mitigations for Windows 8 (both x86 and x64), and even backported the mitigation to Vista+ (On x64 only). There are some weaknesses, but this is a top

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Reindl Harald
On 21.05.2014 20:12, Michal Zalewski wrote: >> the existence of "C:\Program.exe" must not have any bad effect >> for any random installer not intending to execute this > > Sounds like a good goal. The installer probably also shouldn't play > obscene messages via PC speaker. If it did, it would

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Stefan Kanthak
"Michal Zalewski" wrote: >> the existence of "C:\Program.exe" must not have any bad effect >> for any random installer not intending to execute this > > Sounds like a good goal. Yes. Not just for any random installer, but for any Windows program.

[FD] [KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability

2014-05-21 Thread Egidio Romano
Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability [-] Software Link: http://dotclear.org/ [-] Affected Versions: Version 2.6.2 and probably prior versions

[FD] [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability

2014-05-21 Thread Egidio Romano
Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability [-] Software Link: http://dotclear.org/ [-] Affected Versions: Version 2.6

[FD] [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability

2014-05-21 Thread Egidio Romano
Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability [-] Software Link: http://dotclear.org/ [-] Affected Versions: Version

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Michal Zalewski
> the existence of "C:\Program.exe" must not have any bad effect > for any random installer not intending to execute this Sounds like a good goal. The installer probably also shouldn't play obscene messages via PC speaker. If it did, it would be undesirable and probably considered a bug. Now, in

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Stefan Kanthak
"Tavis Ormandy" wrote: > "Stefan Kanthak" wrote: > >> Hi @ll, >> >> several programs of the current Windows 7 driver software for the "HP >> OfficeJet 6700" multifunction device execute a rogue program >> C:\Program.exe >> >> > > It sounds like a bug, but why is this a security issue? It's a Do

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Reindl Harald
On 21.05.2014 19:39, Tavis Ormandy wrote: > 1. The users who do not have Administrator privileges; These users > cannot exploit this issue, because they can't write to C:\ > 2. The users who do have Administrator privileges. These users can > write to C:\, but why bother, they're already Admini

Re: [FD] A way to trigger CVE-2014-1322 (userspace read kernel pointer)?

2014-05-21 Thread Keira Cran
Just to clarify if getting 0x0 means it's patched, how can I verify that it's leaking legit kernel pointer when it's non-zero? best, keira On Tue, May 20, 2014, at 03:31 PM, Christian Mayer wrote: > Yes and no. > > On the first machine (OS X 10.9.2 (13C1021)) I got no pointer. Compiled > with Ap

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread coderaptor
If the fix is trivial, I'd rather fix it, regardless of the conclusion of the "security-or-not" pissing match. I partially agree with Tavis in the ACL argument, but would also like to note that half of humanity logs in to a Windows machine as Administrator, as well as clicks on hyperlinks that purport t

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Jeff Sergeant
It's of very limited use. But it is a vulnerability. If an unprivileged user can write to the root of C: but NOT to any sensitive subdirectory, they can't do much harm. This allows them a route to escalate their privileges. Admittedly, for a user to be able to write to C: but not write to Windo

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Project Un1c0rn
A filesystem is strong, I completely agree; another program running as admin that has access to it might not be. Imagine that program can just dump NEW files everywhere (service exploitable, I dunno). Now there's a way to abuse it to put a backdoor in C

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Project Un1c0rn
I really don't get those kinds of arguments. If there's a risk that, combined with some other flaw, can be exploited later (dunno, dropping a NEW exe in the root, e.g.), fix the risk. Security is not thinking, nh should be ok nobody can touch t

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Tavis Ormandy
On 21 May 2014 10:01, coderaptor wrote: > If the fix is trivial, I'd rather fix it, regardless of the conclusion > of "security-or-not" pissing match. There are enough bugs in any non-trivial program to keep every developer busy for life, which is why it's so important to classify issues in order

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-21 Thread Tavis Ormandy
On 21 May 2014 02:13, Project Un1c0rn wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I really don't get those kind of arguments. > It's simple, if your exploit requires Administrator access, then it's probably not a security issue. Filesystem ACLs are a supported security boundary,

[FD] SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4

2014-05-21 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20140521-0 > title: Multiple vulnerabilities product: CoSoSys Endpoint Protector 4 vulnerable v