Full Disclosure mailing list archives
Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
From: Dan Ballance <tzewang.dorje () gmail com>
Date: Sat, 12 Nov 2011 23:33:10 +0000
Cheers Antony, I began by asking if Scapy was a suitable tool for crafting this attack - and then asked more generally what tools/languages/frameworks do people recommend for this kind of task? Are you suggesting due to the very large numbers of packets involved that for performance reasons this needs to be written in c/c++? On 12 November 2011 06:22, Antony widmal <antony.widmal () gmail com> wrote:
On Fri, Nov 11, 2011 at 10:08 PM, Jeffrey Walton <noloader () gmail com>wrote:On Sat, Nov 12, 2011 at 12:53 AM, Antony widmal <antony.widmal () gmail com> wrote:Dear Dan, Impacket was at first a Pysmb copy/update from Core Security in order to play with RPC. (look at the source) They've done some work on pysmb library in order to implement DCE/RPC functionality in this dinosaurus lib.You can also try Dave Aitel's SPIKE. Yeah sure;If you're passionate about medieval history and you are a fan of the Flintstones, you'll be happy with Dave's Aitel fuzzer. Regards, Antony > This vulnerability is about sending a *huge fucking* stream of UDPpacketson a closed port in order to trigger a int overflow via a ref count. Most of the people here didn't even understand what we are talking about/dealing with.Is this related to the undisclosed MS09-048, which we were told did not require remediation because the Windows firewall (et al) mitigated the vulnerability? http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx. Jeff_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), (continued)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ryan Dewhurst (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Mario Vilas (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ryan Dewhurst (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Ballance (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Jeffrey Walton (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Ballance (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Mario Vilas (Nov 12)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Darren Martyn (Nov 12)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) dave bl (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Tulovsky (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Valdis . Kletnieks (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ian Hayes (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Chris L (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Ballance (Nov 11)