본문바로가기 18.118.166.106

대구가톨릭대학교 DAEGU CATHOLIC UNIVERSITY 대구가톨릭대학교 DAEGU CATHOLIC UNIVERSITY

모바일 메뉴 닫기
모바일 메뉴 열기
상단배경사진

DCU광장

Community

추천검색어

검색창 닫기
메인으로
텍스트 크게 텍스트 크기 초기화 텍스트 작게 페이지 인쇄 메뉴 열기

바이러스/보안게시판

[취약점] SignKorea ActiveX BOF
작성일 : 2007/03/29 작성자 : 이호진 조회수 : 5930

-----------------------------------------------------------------

대구가톨릭대학교 정보보호 동아리 i-Keeper

http://ikeeper.or.kr Power by CU-CERT

-----------------------------------------------------------------

 

우리 나라의 언더그라운드 해커팀 중에 한 명이

SignKorea 라고 공인인증 기관인에 여기서 유포하는 ActiveX

컨트롤 모듈에 BOF 공격 가능한 취약점을 찾아 포스팅 하였습니다.

매우 위험한 상태이니 관련 패치를 수행하시기 바랍니다.

 

아래는 원문입니다.

 

Title: SignKorea's ActiveX Buffer Overflow Vulnerability

Version: SKCommAX ActiveX Control Module 7,2,0,2
         SKCommAX ActiveX Control Module(3280) 6,6,0,1

Discoverer: PARK, GYU TAE (saintl...@null2root.org)

Advisory No.: NRVA07-01

Critical: High critical

Impact: Gain remote user's privilege

Where: From remote

Operating System: Windows Only

Test Client System: Windows XP Service Pack 2 in KOREAN (Patched)
                    Windows XP Service Pack 2 in ENGLISH (Patched)

Solution Vendor: SignKorea, KOSCOM

Solution: Patched

Duration of patch: 6 Day(s) - don't ask me about this I don't know exactly

Notice: 17. 03. 2007 Initiate notified KISA(Korea Information Security
Agency)
        21. 03. 2007 Vendor response and confirmed vulnerability
        23. 03. 2007 Patched by vendor
        26. 03. 2007 Public disclosure

Des_+a_+cription:

The SKCommAX's ActiveX is common certification solution on the net
If citizen want to use Internet banking, Stock and so on like Online
banking services in Korea
then must be use PKI certification program like this ActiveX.

The SKCommAX's activex has one remote vulnerability (maybe)
If uses HTML file which was crafted by this vulnerability then you'll get
somebody's remote privilege.

See following detail describe:

SKCommAX's activex has DownloadCertificateExt() function. this function
requests two arguments(pszUserID and CertType).
This function didn't check pszUserID argument whether it's correct or not.
It's a pretty simple buffer overflow even Windows Environment.

EXPLOIT NOT INCLUDED HERE

You don't need exploit written by me bcoz you already known that

Greet: Null@Root Group, BugTruck Mailling and Information Security Team in
NCSoft.
--
Make Our Internet Secure With H4ck3rz

댓글 작성
최상단 이동 버튼