Full Disclosure mailing list archives
Who Cried Wolf???!? (or, Who's Shell32.exe?) [was: Local DoS in windows]
From: "Arcturus" <arcturus () secrev net>
Date: Sun, 12 Oct 2003 08:49:50 -0400
In reference to the alleged DoS in Windows...

FIRST AND FOREMOST IF YOU DOWNLOAD AND INSTALL SOMEONE ELSE'S CORE WINDOWS FILES ONTO YOUR SYSTEM, YOU CANNOT EXPECT YOUR SYSTEM TO OPERATE IN THE FASHION THAT IT WAS ORIGINALLY PRODUCED. (see the definition of Stupidity, below)

<soapbox rant>And as far as "bipin gautam"'s website, it's a very poor excuse for someone that doesn't understand operating systems. For example, his Bypass WinXP Logs "TRICK" assumes that the guest account is not disabled, and that my system won't shut down when the security event log cannot be written to. This "trick" will not work in any reasonably configured environment. His other "Tricks" are nothing more than a lack of understanding of a GUI system, and OS. While he claims to have forwarded these to Microsoft, I'm sure that they view these with the same "So What" attitude that I have. No bug, no threat, no skill. This "hunter" makes assumptions that everyone allows "guest" access to systems, and that "normal" users have direct access to critical windows system files. If this is true of any system, that guest access is enabled without any restrictions, ANY SYSTEM can be SUBVERTED.</soapbox rant>.

Regarding the "Local DoS in windows", I have the same results as "Joe". It does NOT affect my Windows XP system. Details of the system are under my signature block.

A short system summary:
AMD T-Bird Processor, 1.4
512Mb RAM.
Dual Monitor, with an NVIDIA and ATI Adapters.
Fully Licensed XP
Fully Licensed Office 2003
SQL 2000 Running on Box
I AM NOT RUNNING SOMEONE ELSE'S HACKED SOFTWARE.

I use this box as my workstation at home, and my test bed for work. I have not seen any issues relating to any DoS on my box, unless I begin downloading files and starve my 100 Mbps Network.
I suggest that the persons who reported this "bug" ("bipin gautam") learn how to use the performance monitor, and determine what processes and/or threads are actually running the box at 100% utilization, as it sounds that they are running an out-of-date video driver, or as Joe suggests, they have hacked their own shell32.dll to death.

Just my 2¢, YMMV.

- Arcturus
CISSP, CCSE+, CNX.

Stupidity: This is the act of doing the same thing over and over again, and expecting a different result each time.

System Summary:
OS Name: Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 1 Build 2600
OS Manufacturer: Microsoft Corporation
System Name: <Like I'm telling you>
System Manufacturer: System Manufacturer
System Model: Product Name
System Type: X86-based PC
Processor: x86 Family 6 Model 4 Stepping 4 AuthenticAMD ~1400 Mhz
BIOS Version/Date: Award Software International, Inc. 6.00 PG, 3/7/2001
SMBIOS Version: 2.3
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\System32
Boot Device: \Device\HarddiskDmVolumes\DFFDg0\Volume1
Locale: United States
Hardware Abstraction Layer: Version = "5.1.2600.1106 (xpsp1.020828-1920)"
User Name: <See System Name>
Time Zone: Eastern Standard Time
Total Physical Memory: 512.00 MB
Available Physical Memory: 11.70 MB
Total Virtual Memory: 873.43 MB
Available Virtual Memory: 320.10 MB
Page File Space: 617.95 MB
Page File: C:\pagefile.sys

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Joe
Sent: Saturday, October 11, 2003 9:32 PM
To: Full-Disclosure () lists netsys com
Cc: bugtraq () securityfocus com
Subject: RE: [Full-disclosure] Local DoS in windows.

Umm nope, not on my XP SP1 machine. I have about 15 windows running and avg 1% utilization. I do your little trick and there is no change. Though maybe it is because my machine is one of those really fast 900Mhz PIII's.
Maybe the problem is you are running a hacked version of shell32.dll from http://www.geocities.com/visitbipin/ and he screwed it up.

Thanks for playing.

joe

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of bipin gautam
Sent: Friday, October 10, 2003 1:18 PM
To: Full-Disclosure () lists netsys com
Cc: bugtraq () securityfocus com

--- [Affected] ---
We have only tried it in Windows XP.

--- [Bug Details] ---
http://www.geocities.com/visitbipin/win_dos.jpg
The image is self explanatory...

--- [Description] ---
When you click on "any" close, maximize or minimize buttons in Windows XP, [No matter whether it's IE or a WordPad] surprisingly there is 100% CPU use at the instant and it continues............ until you release the button! Moreover, we've noticed if you continuously click the button for a long time [... not release it and hold ON ] we've seen gradual/slow rise in page-file use too...!!!

--- [Conclusion] ---
Hell... local DoS! That could be used by employees working at different terminal..... (O;

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html