[14964] in bugtraq
Re: RFP2K04: Mining BlackICE with RFPickAxe
daemon@ATHENA.MIT.EDU (Andrew Lambeth)
Fri May 19 20:08:09 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <39258513.C4FB32@nfr.net>
Date: Fri, 19 May 2000 14:16:51 -0400
Reply-To: Andrew Lambeth <andrew@NFR.NET>
From: Andrew Lambeth <andrew@NFR.NET>
X-To: rain forest puppy <rfp@WIRETRIP.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
rain forest puppy wrote:
>
> --/ 3 / Forward thinking /------------------------------------------------
>
> I discussed this point at CanSecWest. BlackICE is not the only (security)
> application that stores data in a Microsoft .mdb file. So what does use
> .mdb's? Well, NT 4.0 WINS, DHCP, CyberCop, NFR-GUI (Windows client), etc.
>
No version of the NFR windows client has ever been in any way vulnerable
to any form or variation of the exploit discussed in this advisory.
The NFR windows client does not store any information in a Microsoft
.mdb file nor does it use Microsoft Access or Jet in any way.
You may have been confused by the fact that an earlier version of the
NFR client used ".mar" as a file extension for "Marked As Read" files.
These files were not in any way associated with Microsoft Access. The
filename extension was changed some time ago to avoid such confusion.
--
Andrew Lambeth - Senior Software Engineer, Network Flight Recorder, Inc.
