[32890] in bugtraq
Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior
daemon@ATHENA.MIT.EDU (Eric Anderson)
Wed Dec 17 18:43:07 2003
Date: Wed, 17 Dec 2003 14:54:23 -0800
From: Eric Anderson <anderson@cs.uoregon.edu>
To: Julian Ashton <ashton@joltmedia.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20031217225422.GA13131@cs.uoregon.edu>
In-Reply-To: <20031217015930.29190.qmail@sf-www1-symnsj.securityfocus.com>
I'm not familiar with the Edonkey/Overnet plug-in mechanism, so I'm a
little bit unclear on what your concern is: Are you worried about
malicious plug-ins doing destructive things to the systems on which they
were (knowingly) installed, or that malicious code could propagate from
infected systems to clean ones? Neither is good, but the second one
would concern me a lot more than the first.
Thus spake Julian Ashton (ashton@joltmedia.com):
>
>
> I have concerns about the Plugin architecture and the power given to
> all the devs out there and possible end user harm. I am writing the
> FastTrack plugin for Edonkey/Overnet and during this process have
> realized that this is by far the worst and most insecure plugin
> architecture I have ever seen in my life. Here is a short list of what
> they have given 1.14 million users (currently online) to have done on
> their machine if they are to download a "bad" plugin.
>
> 1. Local code execution
> 2. Unlimited disk access
> 3. Unlimited sockets access
> 4. Code propagation through the client over the networks
> 5. Basically anything you can imagine in the world that can be done to a Windows OS machine.
>
>
> -Julian Ashton
--
Eric W. Anderson - anderson@cs.uoregon.edu
University of Oregon Network Security Research Lab
PGP fingerprints:
D3C5 D6FF EDED 9F1F C36D 53A3 74B7 53A6 3C74 5F12
9544 C724 CAF3 DC63 8CAB 5F30 68AE 5C63 B282 2D79