Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Apr 2016 19:02:13 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <oss-security@...ts.openwall.com>
Cc: "CVE ID Requests" <cve-assign@...re.org>
Subject: Re: CVE request: GnuPG classic & GnuPG modern

Kurt Seifried wrote:

> I suspect we're going to need a tiny bit more context around this request.
> Like... what's the CVE for?

Loading of multiple Windows system DLLs from the installers application
directory instead of Windows' system directory, a.k.a. DLL hijacking.

Well-known and well-documented for example in
<https://cwe.mitre.org/data/definitions/426.html>
<https://cwe.mitre.org/data/definitions/427.html>
<https://capec.mitre.org/data/definitions/471.html>

On Windows 7:
    uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, sfc.dll,
    sfc_os.dll, userenv.dll, profapi.dll, dwmapi.dll, mpr.dll

On other versions of Windows: a similar list.

regards
Stefan

> On Mon, Apr 18, 2016 at 4:49 AM, Stefan Kanthak <stefan.kanthak@...go.de>
> wrote:
> 
>> Hi,
>>
>> please assign (1 or 2, as you like) CVEs for GnuPG classic and GnuPG
>> modern.
>>
>> regards
>> Stefan Kanthak

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ