Vulnerability Development mailing list archives

Re: bug w2k

From: ANdrei <andrei () abc ro>
Date: Mon, 30 Jul 2001 19:47:45 +0300

I tried it too:

win2k English and German, SP1, 3 f7  -> reboot :)

aloha guys,
ANdrei


Jon Westmuckett wrote:


I have also verified this - win2k english sp2 - with 2-3 F7s.

However, it seems to work with command line programs other than ping - i've
caused my machine to reboot by substituting telnet and even "dir /s" for
ping.  Additionally, it seems that the crash occurs after the command
finishes executing.  I saw a BSOD flicker past but i couldn't make out any
details past "STOP: c000021a Fatal System Error".

Regards,
Jon

At 16:37 28/07/2001 -0500, Mark Saum wrote:

I've verified this to work on Win2K Pro SP2.  It took 3 F7s and my system
hard-booted as if I had hit the reset button.

On a Win2K Server SP2 on a terminal session (administrator mode) it doesn't
crash the box.  However:
 - You can create a "cmd.exe" session that is unkillable
 - You can't log off that session
 - You can't kill that session or "cmd.exe" process from the console
(taskmgr.exe)
 - You can't log the user off from Terminal Services Manager
 - You can't create another instance of "cmd.exe" in that terminal session
 - A reboot is required to kill the session.

Regards,

Mark Saum

Fidelis Consulting Corporation
Dallas, TX

-----Original Message-----
From: SIFFREDI DANIEL [mailto:DSIFFREDI () nacion-afjp com ar]
Sent: Friday, July 27, 2001 2:45 PM
To: 'bugtraq () securityfocus com'
Subject: bug w2k


Hello, this is a new bug found in W2K in all flavors, works with all levels
of users.

Here is the proof of concept:

Open a Cmd Window
Ping to any host (for example ping 10.100.2.1 preferred a host in your LAN),
no switch needed. Just ping
Now press F7 and Enter (try a couple of times quickly...less than ten , and
you can see what a meaning)
The machine reboots, from nothing a warm reboot.
Please let me know if you have the same bug. I tried this in W2k sp2 English
and Spanish.


Daniel Siffredi
Administrador de Red de Microinformatica.
Nacion AFJP SA


-- 
I live in my own little world, but it's ok, they know me
here.

Current thread:

RE: bug w2k Mark Saum (Jul 30)
- Re: bug w2k Blue Boar (Jul 30)
  - Re: bug w2k ANdrei (Jul 30)
  - Re: bug w2k Robert Kinsey - VIS Contractor (Jul 30)
- Re: bug w2k kam (Jul 30)
  - RE: bug w2k Eugene Bodenstein (Jul 31)
- <Possible follow-ups>
- RE: bug w2k Jon Westmuckett (Jul 30)
  - Re: bug w2k ANdrei (Jul 30)
    - Re: bug w2k jan (Jul 30)
  - Re: bug w2k cdowns (Jul 30)
    - Re: bug w2k Nexus (Jul 30)
- Re: bug w2k Przemyslaw Frasunek (Jul 30)
  - Re: bug w2k stefmit (Jul 30)
- RE: bug w2k Corwin, George (Jul 30)
- RE: bug w2k Edwin Concepcion (Jul 30)
- RE: bug w2k Ross Lotharius (Jul 30)