------------------------------------------------------------------ - EXPL-A-2003-016 exploitlabs.com Advisory 016 ------------------------------------------------------------------ -=- Looksmart / Grub Distributed Webcrawling Client -=- Donnie Werner http://exploitlabs.com Vunerability(s): ---------------- 1.local clear user / password in windows registry Product: -------- http://www.grub.org/ http://www.looksmart.com/ Vulnerable: grub-client-1.3.7.exe May 12, 2003 grub-client-1.3.7.zip May 12, 2003 Not Vunerable: grub-client-1.4.3.exe [CURRENT] Jul 2, 2003 grub-client-1.4.3.zip [CURRENT] Jul 2, 2003 patch-to-1.4.3.exe [CURRENT] Jul 2, 2003 patch-to-1.4.3.zip [CURRENT] Jul 2, 2003 Description of product: ----------------------- "Grub uses the power of distributed computing to build the best search on the Web. It automatically crawls the Web in the background, borrowing your computer's spare clock cycles, so you won't even notice it's there. The download is quick, you control how much you crawl, and the cool screensaver shows you the real-time progress your computer is making. You can even compare your stats to other Grubsters in the project! Help perfect the search engine. Join the Grub project today!" Company Profile: ---------------- "LookSmart is a leader in Search Targeted Marketing. Through its innovative LookListingsTM suite of commercial search listings products and graphical advertising products, LookSmart enables large and small businesses alike to expose their products and services to customers at the precise moment they're searching for that very thing. The result is a better search experience for the user, as well as highly qualified leads and lower customer acquisition costs for the business. The LookSmart network reaches 77%* of Internet users, and includes Microsoft's MSN, Excite@Home, AltaVista, Netscape Netcenter, Inktomi, Prodigy, Juno, CNN.com, Road Runner, Cox Interactive Media, InfoSpace (Go2Net, Dogpile, MetaCrawler) and Ask Jeeves." *Media Metrix June 2001 Digital Media Audience Ratings Reviews: -------- http://www.fortune.com/fortune/smallbusiness/skeptic/0,15704,453288,00.html David Lidsky http://www.wired.com/news/infostructure/0,1377,58497,00.html http://slashdot.org/article.pl?sid=03/04/19/1916209&mode=thread&tid=95 VUNERABILITY / EXPLOIT ====================== Local: ------ Passwords and user names are stored cleartext inside registry under Windows OS REG Key Subkey ( data ) HKEY_CURRENT_USER\Software\VB and VBA Program Settings\GrubClient\Settings userEmail userPassword Vendor Fix: ----------- upgrade to.. grub-client-1.4.3 Vendor Contact: --------------- June 4 2003 left a message at Tel: 415.348.7000 @3am advising them of my impending release at 12pm. Callback 9:10am from corp office. kord@grub.org kord campel 415-348-7691 Vendor knows and is working on the issue. Installed new client and note issue resolved. Credit to Donnie Werner of exploitlabs.com for publicly bringing this to our attention and working with us on a resolve. Credits: -------- Donnie Werner http://exploitlabs.com "where finding your holes is job one, and plugging them twice the fun" morning_wood@exploitlabs.com Original Advisory at http://exploitlabs.com/files/advisories/grub-client.txt This Advisory is at http://exploitlabs.com/files/advisories/EXPL-A-2003-016-grub-client.txt