Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

HAURI live update. Arbitrary remote file download and execute vulnerabil

from [saintlinu] Network Security [Permanent Link]
Subject: HAURI live update. Arbitrary remote file download and execute vulnerability
Date: Wed, 27 Jul 2005 16:14:17 +0900 
Dear Mailling lists

-----------[Cut Cut]--------------------------------

Title:             HAURI live update. Arbitrary remote file download and 
execute vulnerability

Discoverer:        Original discoverer Neo
                   Original exploit improver PARK, GYU TAE 
(saintlinu@null2root.org)

Advisory No.:      NRVA05-03

Critical:          High Critical

Impact:            Arbitrary file download from Internet and executable

Where:             From remote

Operating System:  Windows Only

Solution:          Patched

Affected S/W:      
http://update.nprotect.net/newlivecall/engine/livecall.cab#version=2004,6,25,1 
by Neo
                   
http://fx.HAURI.net/HProduct/livesuite/XXXXXXX/CLIENT/LiveSuite/web/HLiveRobotWeb.cab#version=2005,6,21,1
 by Saintlinu


Notice:            06. 29. 2005 initiated
                   06. 30. 2005 2ND No response
                   07. 05. 2005 Vendor responded and will be patched until 07. 
22. 2005
                   07. 21. 2005 patched 
                   07. 26. 2005 Disclosure vulnerability 

Description: 

HAURI is an anti virus vendor in Korea

The livesuite offers services to users scanning and treating virus, worm, hack 
tools and so on from Internet

See following detail describe:

[The first half]

Neo discovered vulnerability at 
http://update.nprotect.net/newlivecall/livecall.html

HAURI never check parameters When updates from Internet update server

also HAURI never check file's checksum or hash value.

He modified liveup.haz file, it's live update configuration file

that file just compressed by ZIP compressor.

if HAURI user access phishing page such as can use BBS that has vulnerability 
such as cross site script 

then evil software downloaded without any restrict

evil software like cmd.exe if exist then HAURI overwrites.

[The latter half]

As you seen above. Saintlinu improved Neo's exploit. 

Saintlinu found HAURI LIVE UPDATE program at XXX Commercial companies in Korea

HAURI checked files in liveup.haz but that's all.

File's checksum is date and time when it made

therefore we can exploit that vulnerability. 

Technical Describe:

NOT INCLUDED HERE

-----------[Cut Cut]--------------------------------

I higher respect Neo

Special thanks for My best group Null@root.

PS. I'm very sorry for poor my konglish
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • HAURI live update. Arbitrary remote file download and execute vulnerability, saintlinu <=
Previous by Date:  [OpenPKG-SA-2005.016] OpenPKG Security Advisory (fetchmail), OpenPKG
Next by Date:  Re: several vulnerabilities present in Belkin wireless routers, E. Kellinis
Previous by Thread:  [OpenPKG-SA-2005.016] OpenPKG Security Advisory (fetchmail), OpenPKG
Next by Thread:  uguestbook exploit, l--s
Indexes:  [Date] [Thread] [Top] [All Lists]