On November 2007 I have reported to cygwin developers a very important security flaw at cygwin subsistem, that can be exploited remotelly via SSH, HTTP, or almost any kind of daemon runing under cygwin.
jolmos cygwin Advisory
vade79/v9 has released a nice exploit for webdespoxy software, with cygwin the explotation is more efective because all cygwin processes have linked the cygwin1.dll kernel, then we have some universal offsets like:
0x61048690 push esp - ret
0x6104936D jmp esp
0x6112C494 push esp - ret
I don't recomend to use cygwin to opening services to the net.
jolmos cygwin Advisory
vade79/v9 has released a nice exploit for webdespoxy software, with cygwin the explotation is more efective because all cygwin processes have linked the cygwin1.dll kernel, then we have some universal offsets like:
0x61048690 push esp - ret
0x6104936D jmp esp
0x6112C494 push esp - ret
I don't recomend to use cygwin to opening services to the net.
Comentarios