Back to list
Fun with event logs (semi-offtopic)
Dec 21 2006 12:22PM
3APA3A (3APA3A SECURITY NNOV RU)
Re: [Full-disclosure] Fun with event logs (semi-offtopic)
Dec 21 2006 01:09PM
endrazine (endrazine gmail com)
Heya lists & 3APA3A,
3APA3A a écrit :
> Dear full-disclosure (at) lists.grok.org (dot) uk [email concealed],
> There is interesting thing with event logging on Windows. The only
> security aspect of it is event log record tampering and performance
> degradation, but it may become sensitive is some 3rd party software is
> used for automated event log analysis.
> The problem is a kind of "Format string" vulnerability where
> user-supplied input is used for event log record. For ReportEvent()
> function %1, %2, etc have a special meaning and are replaced with
> corresponding string from lpStrings.
It looks more like a variable replacement (like $0 $1 ... in bash shell)
than a format string issue to me.
And it seems indeed to be a relevant information disclosure bug.
[ reply ]
Copyright 2010, SecurityFocus