Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability



Fyodor <fyodor@xxxxxxxxxxxx> wrote:

> > nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
>
> Nmap is not vulnerable. DLL hijacking works because of an unfortunate
> interaction between apps which register Windows file extensions and
> the default Windows DLL search path used for those apps. Nmap does
> not, and never has, registered any Windows file extensions. So it
> isn't vulnerable to this issue.

The "easy demo" is with clicks, which needs registration of extensions.
The "real thing" is a DLL in the current directory. Unless you always
use "cd path/to/nmap; ./nmap" to start, you are vulnerable: most people
would set their %PATH% to include the right thing for easy nmap.

Cheers, Paul

Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
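
Added example, not part of the original post or of Nmap: a small Python model of the documented Windows standard DLL search order, showing where the current directory falls for the case discussed in the thread. The directory names and example.dll are constructed; the model ignores KnownDLLs, already-loaded modules and manifests.

```python
import os
import tempfile

def search_order(app_dir, system_dirs, cwd, path_dirs, safe_mode=True, cwd_removed=False):
    """Ordered (label, directory) list per the documented standard search order.
    safe_mode models SafeDllSearchMode; cwd_removed models SetDllDirectory("")."""
    system = [("system", d) for d in system_dirs]
    current = [] if cwd_removed else [("current directory", cwd)]
    middle = system + current if safe_mode else current + system
    return [("application directory", app_dir)] + middle + [("PATH", d) for d in path_dirs]

def resolve(dll, order):
    """Return (label, directory) of the first directory holding dll, or None."""
    for label, directory in order:
        if os.path.isfile(os.path.join(directory, dll)):
            return label, directory
    return None

def build_demo():
    """Constructed layout: tool in app/, run from share/ (untrusted), tools/ on PATH."""
    root = tempfile.mkdtemp()
    dirs = {n: os.path.join(root, n) for n in ("app", "system32", "share", "tools")}
    for d in dirs.values():
        os.makedirs(d)
    for n in ("share", "tools"):  # example.dll is a hypothetical name
        open(os.path.join(dirs[n], "example.dll"), "w").close()
    return dirs

def audit(dirs, **flags):
    """Label of the location example.dll would be resolved from under the given flags."""
    order = search_order(dirs["app"], [dirs["system32"]], dirs["share"], [dirs["tools"]], **flags)
    hit = resolve("example.dll", order)
    return hit[0] if hit else None

if __name__ == "__main__":
    d = build_demo()
    for flags in ({"safe_mode": False}, {"safe_mode": True}, {"cwd_removed": True}):
        print(flags, "->", audit(d, **flags))
```

In this model the safe search mode changes the result only when a system directory also holds the DLL; removing the current directory from the search is what stops resolution from the working directory.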


