From: Justin Ferguson (jfownco.net)
Date: Wed Sep 08 2010 - 17:45:10 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> and the default windows search > path […]

Correct me if I'm wrong here, but my understanding is that it has nothing to do with the default search path, but rather applications using a search path that differs from the default loadlibrary search path. I could be wrong my attention to this issue thus far has been a few msdn pages and a lot of deleted email as unimportant.

Fyodor <fyodorinsecure.org> wrote:

>On Sun, Sep 05, 2010 at 07:01:19PM +0530, Nikhil Mittal wrote:
>> 1. Overview
>> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
>
>Nmap is not vulnerable. DLL hijacking works because of an unfortunate
>interaction between apps which register Windows file extensions and
>the default Windows DLL search path used for those apps. Nmap does
>not, and never has, registered any Windows file extensions. So it
>isn't vulnerable to this issue.
>
>> 8. Solution
>> Fixed in latest development release.
>
>We have not made a special new development release, nor are we
>planning one. We do agree that Windows' default DLL search path
>handling is dumb, so we have added code in our source repository to
>improve that. It will be included in our next regular release (maybe
>in a month or so), along with other proactive security improvements
>such as enabling Windows ASLR and DEP support.
>
>Cheers,
>Fyodor
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]