cainAbel.txt

cainAbel.txt: Posted Mar 22, 2005; Authored by Gary O'Leary-Steele | Site sec-1.com; Cain and Abel PSK sniffer version 2.65 is susceptible to a heap overflow that allows for arbitrary code execution.; tags | advisory, overflow, arbitrary, code execution; SHA-256 | bd34e21df4190627608dceac0bc6fb975ca0ca3a606a471084d205aecfedffde; Download | Favorite | View

cainAbel.txt

                                SEC-1 LTD.
                              www.sec-1.com

                             Security Advisory

Advisory Name:  Cain & Abel PSK Sniffer Heap overflow
 Release Date:  18/03/2005
  Application:   Cain & Abel 2.65

  Platform:   Win32
  Severity:   Remote Code Execution
  Author:  Gary O'leary-Steele

Vendor Status:   Fixed 16/03/2005
CVE Candidate:   N/A
    Reference:  http://www.oxid.it


Overview:

Cain & Abel is a password recovery tool for Microsoft Operating Systems.
It allows easy recovery of various kind of passwords by sniffing the
network,
cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis
attacks,
recording VoIP conversations, decoding scrambled passwords, revealing
password boxes
and analyzing routing protocols.


Details:

Sec-1 has identified a exploitable Heap Overflow within the PSK Sniffer
which could lead to arbitrary code execution.

By sending a large 'ID' parameter within the IKE packet it is possible to
overwrite
critical portions of the heap which could lead to remote code execution or a
denial
of service condition. Sec-1 were able to exploit this vulnerability by
overwriting the
pointer to RtlEnterCriticalSection().

Vendor Response:

Reported 15/03/05 fixed 16/03/05. Extremely fast response!!

Version 2.66 resolves the problem.

Download it at: http://www.oxid.it/cain.html


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

NOT_YET_CONFIRMED

Copyright 2005 Sec-1 LTD. All rights reserved.


******************************************************************************************************************************************************************
NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network http://www.sec-1.com/applied_hacking_course.html
******************************************************************************************************************************************************************

Top Authors In Last 30 Days

Red Hat 295 files
Ubuntu 58 files
Debian 33 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,597)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,755)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,493)
UNIX (9,400)
UnixWare (187)
Windows (6,659)
Other

cainAbel.txt

cainAbel.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

cainAbel.txt

Share This

cainAbel.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems