[Full-disclosure] Fun with event logs (semi-offtopic)
endrazine
endrazine at gmail.com
Thu Dec 21 13:09:43 GMT 2006
Heya lists & 3APA3A,
3APA3A a écrit :
> Dear full-disclosure at lists.grok.org.uk,
>
> There is interesting thing with event logging on Windows. The only
> security aspect of it is event log record tampering and performance
> degradation, but it may become sensitive is some 3rd party software is
> used for automated event log analysis.
>
> The problem is a kind of "Format string" vulnerability where
> user-supplied input is used for event log record. For ReportEvent()
> function %1, %2, etc have a special meaning and are replaced with
> corresponding string from lpStrings.
It looks more like a variable replacement (like $0 $1 ... in bash shell)
than a format string issue to me.
And it seems indeed to be a relevant information disclosure bug.
Cheers,
endrazine-
Full-Disclosure is hosted and sponsored by Secunia.