[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
- From: Nikhil Mittal <nikhil_uitrgpv@xxxxxxxxxxx>
- Date: Thu, 9 Sep 2010 23:34:55 +0530 (IST)
>>Nmap is not vulnerable. DLL hijacking works because of an unfortunate
>>interaction between apps which register Windows file extensions and
>>the default Windows DLL search path used for those apps. Nmap does
>>not, and never has, registered any Windows file extensions. So it
>>isn't vulnerable to this issue.
Fyodor,
Nmap do load airpcap.dll from insufficiently qualified path. If you don't want
it to call it a vulnerability, then it's your choice. But if you look at the
issue its between apps and Windows DLL search path not only for the apps which
register Windows file extensions.
Apps which register Windows file extensions are Exploitable by default while
nmap is not.
So, according to me nmap is vulnerable but not exploitable by default. Please,
try to figure out the difference b/w exploitability and vulnerability.
All,
You can and you should use nmap without any fear of getting exploited until you
are stupid enough to open a file from a shared location using nmap. nmap _is_
safe to use.
Nikhil Mittal
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/