
| Subject: | [Full-disclosure] Cain & Abel PSK Sniffer Heap overflow |
|---|---|
| Date: | Fri, 18 Mar 2005 11:06:09 -0000 |
SEC-1 LTD.
www.sec-1.com
Security Advisory
Advisory Name: Cain & Abel PSK Sniffer Heap overflow
Release Date: 18/03/2005
Application: Cain & Abel 2.65
Platform: Win32
Severity: Remote Code Execution
Author: Gary O'Leary-Steele
Vendor Status: Fixed 16/03/2005
CVE Candidate: N/A
Reference: http://www.oxid.it
Overview:
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes and analyzing routing protocols.
Details:
Sec-1 has identified an exploitable heap overflow within the PSK Sniffer which could lead to arbitrary code execution.
By sending a large 'ID' parameter within the IKE packet it is possible to overwrite critical portions of the heap, which could lead to remote code execution or a denial of service condition. Sec-1 were able to exploit this vulnerability by overwriting the pointer to RtlEnterCriticalSection().
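The bound the advisory describes as missing, shown as an added illustration in C that is not Cain & Abel's code: a bounds-checked parser for the ISAKMP Identification payload that refuses an ID whose wire length exceeds either the captured bytes or the fixed record buffer it is copied into. The 64-byte record size and the sample payloads are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ISAKMP generic payload header (RFC 2408 s.3.2): next payload, reserved, 16-bit big-endian
 * length that counts the header. The ID body then has ID type, protocol ID, port, ID data. */
#define ISAKMP_HDR_LEN 4
#define ID_BODY_HDR_LEN 4
#define ID_DATA_MAX 64 /* assumed size of the sniffer's fixed record buffer */
struct id_record { uint8_t id_type; uint16_t data_len; uint8_t data[ID_DATA_MAX]; };

/* Returns 0 and fills rec on success, -1 if the payload is malformed or too big. The
 * advisory's bug is the pattern that skips these checks and copies a wire length straight
 * into a fixed-size heap buffer. */
int parse_id_payload(const uint8_t *pkt, size_t pkt_len, size_t off, struct id_record *rec)
{
    if (off > pkt_len || pkt_len - off < ISAKMP_HDR_LEN + ID_BODY_HDR_LEN)
        return -1; /* headers do not fit in what was captured */
    size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
    if (plen < ISAKMP_HDR_LEN + ID_BODY_HDR_LEN || plen > pkt_len - off)
        return -1; /* length field disagrees with the bytes actually present */
    size_t data_len = plen - ISAKMP_HDR_LEN - ID_BODY_HDR_LEN;
    if (data_len > ID_DATA_MAX)
        return -1; /* the missing bound: a large ID would overrun rec->data */
    rec->id_type = pkt[off + ISAKMP_HDR_LEN];
    rec->data_len = (uint16_t)data_len;
    memcpy(rec->data, pkt + off + ISAKMP_HDR_LEN + ID_BODY_HDR_LEN, data_len);
    return 0;
}

/* Constructed sample (not captured traffic): ID_FQDN (2), UDP (17), port 500, "vpn". */
static const uint8_t good_id[] = { 0, 0, 0, 11, 2, 17, 0x01, 0xf4, 'v', 'p', 'n' };

int check_good(void)
{
    struct id_record r;
    return parse_id_payload(good_id, sizeof good_id, 0, &r) == 0 && r.id_type == 2
        && r.data_len == 3 && memcmp(r.data, "vpn", 3) == 0;
}

/* Two hostile shapes: a 0xffff length over a short capture, and a self-consistent
 * payload carrying 200 bytes of ID data. Both must be rejected before any copy. */
int check_rejected(void)
{
    struct id_record r;
    uint8_t lie[sizeof good_id], big[ISAKMP_HDR_LEN + ID_BODY_HDR_LEN + 200];
    memcpy(lie, good_id, sizeof lie); lie[2] = lie[3] = 0xff;
    memset(big, 'A', sizeof big); big[0] = big[1] = 0;
    big[2] = (uint8_t)(sizeof big >> 8); big[3] = (uint8_t)(sizeof big & 0xff);
    return parse_id_payload(lie, sizeof lie, 0, &r) == -1
        && parse_id_payload(big, sizeof big, 0, &r) == -1;
}
```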
Vendor Response:
Reported 15/03/05 fixed 16/03/05. Extremely fast response!!
Version 2.66 resolves the problem.
Download it at: http://www.oxid.it/cain.html
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
NOT_YET_CONFIRMED
Copyright 2005 Sec-1 LTD. All rights reserved.