------------------------------------------------------------------
- EXPL-A-2003-016 exploitlabs.com Advisory 016
------------------------------------------------------------------
-=- Looksmart / Grub Distributed Webcrawling Client -=-
Donnie Werner
http://exploitlabs.com
Vunerability(s):
----------------
1.local clear user / password in windows registry
Product:
--------
http://www.grub.org/
http://www.looksmart.com/
Vulnerable:
grub-client-1.3.7.exe May 12, 2003
grub-client-1.3.7.zip May 12, 2003
Not Vunerable:
grub-client-1.4.3.exe [CURRENT] Jul 2, 2003
grub-client-1.4.3.zip [CURRENT] Jul 2, 2003
patch-to-1.4.3.exe [CURRENT] Jul 2, 2003
patch-to-1.4.3.zip [CURRENT] Jul 2, 2003
Description of product:
-----------------------
"Grub uses the power of distributed computing to build the best
search on the Web.
It automatically crawls the Web in the background, borrowing your
computer's spare
clock cycles, so you won't even notice it's there. The download is
quick, you control
how much you crawl, and the cool screensaver shows you the real-time
progress your
computer is making. You can even compare your stats to other Grubsters
in the project!
Help perfect the search engine. Join the Grub project today!"
Company Profile:
----------------
"LookSmart is a leader in Search Targeted Marketing. Through its
innovative LookListingsTM
suite of commercial search listings products and graphical advertising
products, LookSmart
enables large and small businesses alike to expose their products and
services to customers
at the precise moment they're searching for that very thing. The
result is a better search
experience for the user, as well as highly qualified leads and lower
customer acquisition
costs for the business. The LookSmart network reaches 77%* of Internet
users, and includes
Microsoft's MSN, Excite@Home, AltaVista, Netscape Netcenter, Inktomi,
Prodigy, Juno, CNN.com,
Road Runner, Cox Interactive Media, InfoSpace (Go2Net, Dogpile,
MetaCrawler) and Ask Jeeves."
*Media Metrix June 2001 Digital Media Audience Ratings
Reviews:
--------
http://www.fortune.com/fortune/smallbusiness/skeptic/0,15704,453288,00.html
David Lidsky
http://www.wired.com/news/infostructure/0,1377,58497,00.html
http://slashdot.org/article.pl?sid=03/04/19/1916209&mode=thread&tid=95
VUNERABILITY / EXPLOIT
======================
Local:
------
Passwords and user names are stored cleartext inside registry under
Windows OS
REG Key
Subkey ( data )
HKEY_CURRENT_USER\Software\VB and VBA Program
Settings\GrubClient\Settings
userEmail
userPassword
Vendor Fix:
-----------
upgrade to..
grub-client-1.4.3
Vendor Contact:
---------------
June 4 2003 left a message at Tel: 415.348.7000 @3am advising them of
my impending release
at 12pm.
Callback 9:10am from corp office.
kordat_private
kord campel 415-348-7691
Vendor knows and is working on the issue.
July 10 2003 Installed new client and note issue resolved.
Credits:
--------
Donnie Werner
http://exploitlabs.com "finding your holes is job one, and plugging
them twice the fun"
morning_woodat_private
Original Advisory at
http://exploitlabs.com/files/advisories/grub-client.txt
This Advisory is at
http://exploitlabs.com/files/advisories/EXPL-A-2003-016-grub-client.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Sun Jul 13 2003 - 09:09:06 PDT