Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW information leak
Title: Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW information leak Author: 3APA3A, Affected: Microsoft Windows 2000, XP, 2003, Vista Exploitable: Yes Type: Remote from local network, authentication required (NULL session was not tested). Class: Information leak CVE: Intro: It's very...
Security aspects of time synchronization infrastructure
A large number of services on a modern corporate network require time to be synchronized within the network or with absolute time, and may fail if there are any problems with time synchronization. Below are just a few examples of services and the time precision they require. For synchronization within the network:...
ICQLite executable trojaning
Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Risk: Average Exploitable: Yes Remote: No I. Intro: ICQ Lite is popular internet messenger software. It is the only ICQ version which requires no elevated privileges such as Power User to work, so it's often used by...
Bypassing content filtering
There are common methods allowing to bypass almost any content filtering software (antiviral products, CVP firewalls, mail attachment filters, etc.). I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename o...
AntiAntivirus (Internet can be ruined by antivirus)
Will AntiVirus ruin the Internet? 3APA3A security.nnov.ru Dmitry Leonov bugtraq.ru Alex Exler exler.ru Alexander Dilevsky yandex.ru Alexander Antipov securitylab.ru Ilya Medvedovsky dsec.ru Vladislav Myasnyankin BugTraq.Ru The seemingly uncomplicated mail worm Sobig.f broke all distribution...
Buffer overflow in Far Manager
Title: Buffer overflow in Far Manager Author: ZARAZA Affected: Far Manager 1.70beta1 and prior saved EIP overflow 1.70beta4 off-by-one frame pointer overflow Vendor: RARSoft Risk: Average local code execution Exploitable: Yes Remote: No Vendor Notified: January, 30 2003 I. Introduction: FAR is mo...
Multiple archivers directory traversal and path globbing
Topic: Directory traversal and path globbing in multiple archivers Author: 3APA3A Affected Software: GNU tar = 1.13.19, Info-Zip UnZip = 5.42, RARSoft rar = 2.02, PKWare pkzipc = 4.00 Not affected: rar 2.80, WinZIP 8.0 Risk: low/average Released: July, 2, 2001 SECURITY.NNOV advisories:...
Hewlett-Packard Network Node Manager 7.50 Remote Console weak files permissions
Vendor: Hewlett-Packard Application: Network Node Manager 7.50 Remote Console under Microsoft Windows XP SP2. Vulnerability: Local Vulnerability Level: High Author: 3APA3A , Impact: privilege escalation of any unprivileged user to Local System or another user's account. Intro: NNM Remote Console ...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
What else can be ruined by antivirus?
What else will ruin AntiViruses? I have always been pleased with the "professionalism" of antivirus developers in everything except the viruses themselves. Take, for example, the same work with e-mail, whose standards are not followed by any of the manufacturers of antivirus software. Anothe...
The Bat! X-BAT-FILES
"The Bat!" by RitLabs is an extremely convenient mail agent with a lot of features for Windows platforms. One of "The Bat!" features is storing files attached to e-mail messages apart from message bodies. In this case "The Bat!" puts attached files in a preconfigured folder and removes the corresponding MIME...
Multiple archivers special DOS/Windows devices access
Topic: Special devices access in multiple archivers Author: 3APA3A Platform: Windows Affected Software: WinZIP Computing's WinZIP 8.0, PKWare PkZip 4.0, RARSoft WinRar 2.80 Risk: average Released: July, 5, 2001 SECURITY.NNOV advisories: http://security.nnov.ru/advisories Background: Archive...
Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000)
Title: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000). Product: Visual Studio 2005 Vendor: Microsoft Vulnerability class: Denial of Service Remote: application dependent, remote vector is possible CVE: CVE-2007-0842 Author: 3APA3A,...
Microsoft Outlook Express address book vulnerability
Issue : Outlook Express address book allows messages to be intercepted by 3rd party Date Released : 16 March 2001 Vendor Notified : 16 March 2001 Affected : Outlook Express 5.5SP1 and prior Risk : Low/Average Discovered : 18 December 2000 by 3APA3A Remotely Exploitable : Yes Vendor URL :...
ANDR : Buffer overflow attacks
Buffer overflow attacks Andrey Kolischak November, 1999 Buffer overflow attacks Buffer overflow is the name of the most common software security vulnerability. The first attack using this vulnerability was used in the Morris worm in 1988. Since then, their number has increased every year...
"mirror" directory traversal
mirror is a Perl script which is widely used for making a copy of a remote FTP site. It's included in FreeBSD packages. There are security holes which allow overwriting local files from a remote FTP site with the permissions of the user who runs mirror. When retrieving a directory listing, mirror doesn't chec...
Vulnerabilities in multiple RADIUS clients and servers
Topic : Vulnerabilities in multiple RADIUS clients and servers Author : 3APA3A Released : December, 18 2001 Affected Software : Lucent/Livingston RADIUS 3= 2.1 12? Cistron 3= 1.6.4 12 Cistron 1.6.5 2 XtRadius 3= 1.1-pre1 12 FreeRADIUS 3= 0.3 12 ICRadius 3= 0.18.1 12 YARD Radius 3= 1.0.19 12 Ascen...
JanaServer multiple vulnerabilities
Title: Multiple vulnerabilities in JanaServer Author: ZARAZA Date: July, 22 2002 Affected: JanaServer 2.2.1 and prior JanaServer 1.46 and prior Vendor: Thomas Hauck Risk: High critical if some services, for example HTTP, are available from public interface Remote: yes Exploitable: yes Vendor...
Backup implementation
Backup implementation I. Intro II. Tools III. Strategy Well, now let's talk about how to live with all this correctly. The backup process consists of three stages: planning, implementation and support. We have already talked a little about support and implementation, but planning is the most...
using named pipes for local privilege escalation
Digital Scream August, 2003 Using named pipes for local privilege escalation For Phrack magazine 61 Operating systems created by Microsoft in recent years are based on the Windows NT kernel. This decision positively affected the security of the released operating systems, relatively...
Backup implementation
Backup implementation I. Intro II. Tools III. Strategy We study the tools. System utilities for copying files. In the simplest case, to create a replica of the file structure, you can, of course, use the copy command on Windows and cp or rcp on *nix. However, there are many questions that these...
Bypassing client application protection techniques
Topic: Bypassing client application protection techniques Category: Protection bypass Affected products: CheckPoint VPN-1TM & FireWall-1R NG with Application Intelligence R55 HFA 9 Microsoft Windows XP SP2 Agnitum Outpost Pro 2.1, 2.5 Tiny Firewall Pro v6.0.100 ZoneAlarm Pro with Web Filtering...
Sambar Server all versions password decoding
Topic: Sambar Server all versions password decoding Author: 3APA3A SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Vulnerable: All Sambar versions up to 5.0 beta Impact: passwords can be decoded back to cleartext Vendor URL: http://www.sambar.com Released: 24 July 2001 Credits:...
WIDER : Social Engineering
Social engineering Professional programming Sequential hack 1. Introduction 2. Social engineering 3. Extraction of information. Social engineering. Sequential hack. 4. Finding and processing information. 5. Some ways to dupe people. 6. Human denial of service (HDoS) 7. Advanced methods...
Interview:w00w00
w00w00 One of the first to respond to a request for an interview was w00w00 (pronounced "woo-woo", their website ). A group highly respected among those who are interested in security issues: they have discovered a lot of holes in security systems and many interesting tactics of hacker attacks. The...
Integer overflow:attack
Digital Scream January, 2003 Integer overflow: attack Hello! Recently, the number of people involved in IT security has grown significantly. Consequently, there was a breakthrough in the implementation of some attacks... And that is why this article is about a new type of attack, Integer Overflow...
KAV (AVP) for sendmail format string
Topic: Format string vulnerability in AVP for sendmail Author: 3APA3A Affected Software: KAV for sendmail 3.5.135.2 Vendor: Kaspersky Lab Vendor Notified: 30 May 2001 Risk: High/Average Remotely Exploitable: Yes Impact: DoS/Remote root compromise Released: 06 June 2001 Vendor URL:...
Backup implementation
Organization Backup I. Intro Let's start by cramming terms and definitions. Backup (backup, b4kup or, colloquially, "backup") we will call an asynchronous (in relation to modification) process of creating a copy of stored information (data), which allows you to restore the previous state of the dat...
ANDR : Windows NT stack overflow attacks
Stack overflow attacks on Windows NT Andrey Kolischak Stack Overflow Attacks in Windows NT Today, software vulnerabilities related to the so-called stack overflow are one of the main problems of system administrators. On the mailing lists and whistleblowers devoted to software security breaches,...
multiple applications fd_set structure bitmap array index overflow
Issue: Multiple applications fdset structure bitmap array index overflow Type: remote Date: December, 12 2004 Original URL: http://www.security.nnov.ru/advisiories/sockets.asp Author: 3APA3A URL: http://www.security.nnov.ru/ Affected: gnugk 2.2.0 confirmed, fixed by vendor gnugk is OpenH323...
unsafe fgets() in sendmail's mail.local
Topic: unsafe fgets in sendmail's mail.local Description: There are 4 problems: 1. Possibility to insert LMTP commands into e-mail message 2. Possibility of deadlock between sendmail and mail.local 3. Possibility to corrupt user's mailbox 4. Possibility to change e-mail headers of the message in...
Is backup required?
Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. Version control systems Modern version control systems such as CVS, Subversion, or commercial products can, and sometimes quit...
ANDR : Format String Vulnerability
Format string vulnerability Andrey Kolischak March, 2001 [email protected] Format string vulnerability It is no secret that most software, in addition to specific vulnerabilities, contains "holes" associated with an incorrect programming style. If some of these holes, such as buffer overflows,...
The Bat! directory traversal
Topic: The Bat! attachments directory traversal Author: 3APA3A Affected Software: The Bat! Version wish her good luck, she will need it : Background: The Bat! is extremely convenient commercially available MUA for Windows will be best one then problem will be fixed, I believe with lot of features...
unsafe fgets() in qpopper
Topic: unix mailbox parsing trouble in qpopper Software affected: qpopper 3.0 fc2 and probably others Description: a malicious user can remotely post a message with spoofed or incorrect headers, including the "Received:" one, and in some cases bypass virus checking. This can be used for sending trojans or ...
Netscape 4.7x information retrieval
Author : 3APA3A Affected software : Netscape 4.7x All Platforms Vendor : Netscape IPlanet Risk : Low Remotely Exploitable : Yes Released : 30 May 2001 Vendor URL : http://www.netscape.com SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories Background: Netscape Messenger uses internal...
Is backup required?
Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. The introduction of any technology is associated with costs and risks in one way or another. This applies to backup as much a...
High performance Windows file server
A powerful file server for Windows No part - reflections without memories. Without further ado, let's start by thinking about what a file server is, how it functions, and what we need to make a file server as fast as possible, for example, to make the most of our gigabit network. At first glance,...
Kaspersky Antivirus DoS
Title: Kaspersky Antivirus DoS Author: ZARAZA Affected: Kaspersky Antivirus 4.0.9.0 Server and Workstation version on Windows NT 4.0 and Windows 2000. Vendor: Kaspersky Lab Date: January, 30 2003 Risk: Average Exploitable: Yes Remote: Yes for server versions Vendor Notified: January, 30 2003 I...
stream3 flood attack
Topic: Windows NT/2000 DoS via stream3 flood attack Authors: Dark Zorro , Error Date: 2 December 2000 yes... it's old Vendor Informed: 2 December 2000 Software affected: Windows NT 4.0, Windows 2000 Risk: Low Remote: Yes Exploitable: Yes SECURITY.NNOV advisories:...
Interview:USSR
USSR Labs USSR Labs (their website , their slogan is "USSR is back", their symbol is a bulldog in a strict collar) broke into the world of computer security relatively recently, but very decisively. Somewhere, probably last fall (interview taken in 2000 - editor's note), they...
Network protocols security: View from client side
Security of Common Application Network Protocols: A Client's Perspective Having received an offer to write an article about the security of network protocols and their vulnerabilities, at first I wanted to refuse - it seems that everything that can be written on this topic has already been writte...
Information leak from client application with technical information
Data leakage through service information and the network protocol in the client application. When exchanging information, you are always transmitting data. However, at different levels (everyone remembers ISO/OSI?), service information is added to your data. What is this information, what can it say...
Buffer overflow/DoS against cmd.exe for Windows NT 4.0/2000
Title: Buffer overflow/DoS against cmd.exe for Windows NT 4.0/2000 Author: ZARAZA Affected: Microsoft Windows NT 4.0 buffer overflow Microsoft Windows 2000 DoS Vendor: Microsoft Risk: Average for Windows NT 4.0 Low for Windows 2000 Exploitable: Yes Remote: No Vendor Notified: January, 30 2003 I...
File locking and security
Topic : File locking and security Author : 3APA3A Affected software : Windows NT 4.0, Windows 2000 and maybe other systems Exploitable : Yes Remotely exploitable : No Category : Design flaw Background: An application can lock a file after the file descriptor is opened by the application, or in the open call...
3APA3A : Using FTP protocol weaknesses
How to exploit bugs in the implementation of the FTP protocol David Sacerdote, in his article on the vulnerability of the FTP protocol, dated as early as April 1996, theoretically described the vulnerability of the FTP protocol when it is incorrectly implemented. Two points are interesting in the article,...
Panda Platinum Internet Security 2006/2007 privilege escalation and bayesian filter control
Title: Panda Platinum Internet Security 2006/2007 privilege escalation and bayesian filter control security vulnerabilities Author: 3APA3A Vendor: Panda Software Product: Panda Platinum Internet Security 2006 10.02.01 Panda Platinum Internet Security 2007 11.00.00 Panda Antivirus was not tested...
Courier CPU exhaustion
Title: Courier CPU exhaustion Author: ZARAZA Date: May, 31 2002 Affected: courier-0.38.1 Vendor: Double Precision, Inc. Risk: Low to average Remote: Yes Exploitable: Yes Vendor notified: May, 20 2002 Product URL: http://www.courier-mta.org SECURITY.NNOV URL: http://www.security.nnov.ru Advanced...
The Bat! <cr> bug
SECURITY.NNOV URL: http://www.security.nnov.ru/advisories Topic: The Bat! bug Application: The Bat! 1.51 latest Vendor: RitLabs Category: Denial of Service Risk Factor: Low Remote: Yes Vendor Contacted: 13.04.2001 Software URL: http://www.thebat.net Vendor URL: http://www.ritlabs.com +Introductio...
MS IE5 + ftp proxy
Problem: IE5 doesn't use the proxy for FTP connections if the option "Enable folder view for FTP sites" is checked. This option is checked by default. Configuration: tested in 2 configurations: 1. Windows NT 4.0 wrkst + SP5 + IE5.0 2. Windows NT 4.0 wrkst + SP6a + IE5.01 Both have the problem. There is no...