Wednesday, March 19, 2008

cygwin security

In November 2007 I reported to the cygwin developers a very important security flaw in the cygwin subsystem, which can be exploited remotely via SSH, HTTP, or almost any kind of daemon running under cygwin.

jolmos cygwin Advisory

vade79/v9 has released a nice exploit for the webdespoxy software; with cygwin the exploitation is more effective because all cygwin processes link the cygwin1.dll kernel, so we have some universal offsets like:

0x61048690 push esp - ret
0x6104936D jmp esp
0x6112C494 push esp - ret
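
The offsets above are universal because cygwin1.dll is mapped at the same preferred base in every cygwin process. As an added defender's check (not part of the original post), the script below reads a DLL's PE header and reports its preferred image base and whether the DYNAMIC_BASE (ASLR) flag is set, which is what would let the loader relocate it; the stub header it builds for testing is constructed, not a real cygwin1.dll, and its 0x61000000 base is only chosen to match the range of the offsets quoted above.

```python
import struct
import sys

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated by ASLR


def _optional_header_offset(data: bytes) -> int:
    """Locate the optional header: MZ stub -> e_lfanew -> 'PE\\0\\0' -> COFF header (20 bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return pe_off + 4 + 20


def image_base(data: bytes) -> int:
    """Preferred load address: 4 bytes at +28 for PE32, 8 bytes at +24 for PE32+."""
    opt = _optional_header_offset(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        return struct.unpack_from("<I", data, opt + 28)[0]
    if magic == 0x20B:
        return struct.unpack_from("<Q", data, opt + 24)[0]
    raise ValueError("unknown optional header magic %#x" % magic)


def dll_characteristics(data: bytes) -> int:
    """DllCharacteristics sits at +70 in both PE32 and PE32+ optional headers."""
    return struct.unpack_from("<H", data, _optional_header_offset(data) + 70)[0]


def has_fixed_base(data: bytes) -> bool:
    """True when the loader will not relocate the image, so its offsets are predictable."""
    return not (dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def make_pe_stub(dll_chars: int) -> bytes:
    """Constructed minimal PE32 header (not loadable) for testing the checks above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)  # i386, DLL, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 28, 0x61000000)                   # constructed ImageBase
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            blob = f.read()
        verdict = "fixed base (universal offsets)" if has_fixed_base(blob) else "dynamic base"
        print("%s: ImageBase=%#x, %s" % (path, image_base(blob), verdict))
```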

I don't recommend using cygwin to open services to the net.