News from the Lab: January 2006

Wednesday, January 11, 2006

Another week!!

Anyway, the second week since I started with my blog, glad to quote that I successfully completed the research on Mailsite. At last, another of OS2A's advisories, the fourth one in fact.
Dissected various DLL files of Mailsite; what captured my attention was wconsole.dll. It is very unusual for a DLL file to be exposed to the user as it is. Initial analysis was a cross-site scripting vulnerability in Mailsite, which was obvious as the HTML code was embedded in the DLL file and whatever script is inserted into the GET request is executed in the returned HTML page response.
Now I downloaded the latest series of Mailsite (7.0.3) and performed the same kind of analysis on the DLL files; this time a different observation :-) . Mailsite is not properly sanitizing the input parameters to the GET request.
Can you believe what happened?
Yup, a buffer overflow in the HTTPMA service. It causes the svchost process to consume all the CPU cycles and ultimately crashes the service. A denial of service, the first one of its kind from me.

Contacted the vendor, waiting for them to release the fixes, can't wait to get my advisory out...

Thursday, January 05, 2006

A cool Thursday, late to the office, started with the environment setup for my routine tasks. Got a Cisco task to work on. The Mailsite Express vulnerability I have been researching is still pending.
Initial observation shows a denial of service in the 7.x series of the mail agent, but a cross-site scripting vulnerability in the 7.x, 6.x and 5.x versions is evident.
Can't wait to get this done :-)

Wednesday, January 04, 2006

RAHUL's Blog

Welcome to my blog, guys!!! This blog is here to keep track of my interests in the security space... Have a nice time...