Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat

from [NSA Group] Network Security [Permanent Link]
Subject: NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat v. 3.60.07
Date: Fri, 24 Feb 2006 00:37:00 +0300 
Advisory:
NSAG-№198-23.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product: 
The Bat  v. 3.60.07 

Site of manufacturer:
www.ritlabs.com

The status: 
19/11/2005 - Publication is postponed. 
19/11/2005 - Manufacturer is notified. 
12/12/2005 - Answer of the manufacturer. 
22/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/953.html

Risk: 
Critical 

Description: 
Vulnerability exists owing to insufficient check of the size of the buffer of a 
variable
in which it is copied data from field Subject.

Influence: 
The malefactor is capable to execute an any code  on a computer of the 
addressee of the letter.

Exploit: 
If a field subject == 4038 bytes at reception of such letter there is an 
overflow of the buffer and 
Rewriting of registers EIP and EBP, that allows the malefactor to execute 
Any code in a context vulnerable The Bat appendices. 
Exemple: 

Subject:AAAAAAAAAAA.... 4038..... AABB 
A=0x41 (hex) 
B=0x42 (hex) 

Condition of a code, at the moment of overflow: 
New Entery point: 
00420042 FE???; Unknown command // Performance of an any code!!! 

Condition of registers: 
EAX 01CCC4A4 
ECX 00000000 
EDX 0012FA5C 
EBX 02A4EB40 
ESP 0012F9EC 
EBP 00410041 thebat.00410041 
      
       A A 
ESI 00000004 
EDI 02A231F0 
EIP 00420042 thebat.00420042 
      
       B B 

Decision: 
Download new version.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected from a 
various sort of attacks of malefactors!

www.nsag.ru 
«Nemesis» © 2006
------------------------------------ 
Nemesis Security Audit Group © 2006.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat v. 3.60.07, NSA Group <=
Previous by Date:  NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC, NSA Group
Next by Date:  RE: Amazon phishing scam on Yahoo servers, Alex Eckelberry
Previous by Thread:  NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC, NSA Group
Next by Thread:  Administrivia: New Bugtraq moderator, David Ahmad
Indexes:  [Date] [Thread] [Top] [All Lists]