SEC-1 LTD. www.sec-1.com
Security Advisory

Advisory Name: Cain & Abel PSK Sniffer Heap Overflow
Release Date: 18/03/2005
Application: Cain & Abel 2.65
Platform: Win32
Severity: Remote Code Execution
Author: Gary O'Leary-Steele
Vendor Status: Fixed 16/03/2005
CVE Candidate: N/A
Reference: http://www.oxid.it

Overview:

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes and analyzing routing protocols.

Details:

Sec-1 has identified an exploitable heap overflow within the PSK Sniffer which could lead to arbitrary code execution. By sending a large 'ID' parameter within the IKE packet it is possible to overwrite critical portions of the heap, which could lead to remote code execution or a denial of service condition. Sec-1 was able to exploit this vulnerability by overwriting the pointer to RtlEnterCriticalSection().

Vendor Response:

Reported 15/03/05, fixed 16/03/05. Extremely fast response!! Version 2.66 resolves the problem. Download it at: http://www.oxid.it/cain.html

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

NOT_YET_CONFIRMED

Copyright 2005 Sec-1 LTD. All rights reserved.
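The defect class described above is an IKE ID payload whose attacker-controlled length is trusted when copying into a fixed-size heap buffer. The following is an added example, not Cain & Abel's code (the advisory does not show the sniffer's parser), of a bounds-checked reader for the ISAKMP Identification payload; the destination size ID_DATA_MAX and the sample bytes are this example's own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not Cain & Abel's code: a bounds-checked reader for the ISAKMP
 * Identification payload (RFC 2408 sec. 3.8), the field the advisory says
 * overflows the heap when oversized. ID_DATA_MAX is this example's own choice. */
#define GEN_HDR_LEN   4   /* Next Payload(1) RESERVED(1) Payload Length(2) */
#define ID_HDR_LEN    4   /* ID Type(1) DOI Specific ID Data(3) */
#define ID_DATA_MAX  64   /* fixed-size destination buffer */
struct id_payload { uint8_t id_type; size_t id_len; uint8_t id_data[ID_DATA_MAX]; };

/* Parse the ID payload at offset `off` of `pkt`. Returns 0 on success, -1 if
 * the advertised length does not fit the packet or the destination buffer. */
int parse_isakmp_id(const uint8_t *pkt, size_t pkt_len, size_t off,
                    struct id_payload *out)
{
    if (off > pkt_len || pkt_len - off < GEN_HDR_LEN + ID_HDR_LEN)
        return -1;                       /* not even the headers are present */
    uint16_t plen = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]); /* big-endian */
    if (plen < GEN_HDR_LEN + ID_HDR_LEN || plen > pkt_len - off)
        return -1;                       /* length field vs. bytes actually captured */
    size_t data_len = plen - (GEN_HDR_LEN + ID_HDR_LEN);
    if (data_len > ID_DATA_MAX)
        return -1;                       /* the check an unbounded copy would lack */
    out->id_type = pkt[off + GEN_HDR_LEN];
    out->id_len  = data_len;
    memcpy(out->id_data, pkt + off + GEN_HDR_LEN + ID_HDR_LEN, data_len);
    return 0;
}

/* Constructed sample: an ID payload carrying the identity "abcd", placed at
 * offset 0 (a real packet has the 28-byte ISAKMP header in front of it). */
static const uint8_t sample_ok[] = { 0x00, 0x00, 0x00, 0x0c,   /* length 12 */
                                     0x01, 0x00, 0x00, 0x00,   /* ID_IPV4_ADDR */
                                     'a', 'b', 'c', 'd' };
int demo_accepts_small(void)
{
    struct id_payload id;
    return parse_isakmp_id(sample_ok, sizeof sample_ok, 0, &id) == 0
        && id.id_type == 1 && id.id_len == 4 && memcmp(id.id_data, "abcd", 4) == 0;
}
/* Length field honest, but the identity is far larger than the buffer: the
 * shape of the "large ID parameter" the advisory describes. */
int demo_rejects_oversized_id(void)
{
    uint8_t pkt[GEN_HDR_LEN + ID_HDR_LEN + 200] = {0};
    struct id_payload id;
    pkt[2] = (uint8_t)(sizeof pkt >> 8); pkt[3] = (uint8_t)sizeof pkt;
    return parse_isakmp_id(pkt, sizeof pkt, 0, &id);   /* -1 */
}
```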
********************************************************************
NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network
http://www.sec-1.com/applied_hacking_course.html
********************************************************************