Vulnerability Development mailing list archives
win32k bug - Smss crashes when Csrss terminates
From: c0ncept () hushmail com
Date: Tue Jul 31 08:52:13 PDT 2001
-----BEGIN PGP SIGNED MESSAGE----- okay...i sent this in once and it bounced, so here we go again... According to Inside Windows 2000 Server (the MS Press one, not the Adison Wisely) it talks about this in chapter 2 under Key System Components. If the user-mode Win32 subsytem would result in a system crash because the Smss service (the parent process) performs a wait operation on csrss.exe (the Win32 subsystem) and if the wait ever returns smss crashed the system. [It's in the discussion of why NT 4.0 didn't loos stability due to including the GDI stuff in the kernel...] -- c0ncept - -----Original Message----- From: Edwin Concepcion [mailto:mer.concepcion () codetel net do] Sent: Monday, July 30, 2001 1:01 PM To: vuln-dev () securityfocus com Subject: RE: bug w2k Confirmed working on NT Workstation 4+SP6a STOP: c000021a {Fatal Subsystem Error} The Windows SubSistem system process terminated unexpectedly with a status of 0xc0000005 (0x5ffbed90 0x01efc0c) Edwin Concepcion Consultor Informatico - -----Original Message----- From: SIFFREDI DANIEL [mailto:DSIFFREDI () nacion-afjp com ar] Sent: Friday, July 27, 2001 2:45 PM To: 'bugtraq () securityfocus com' Subject: bug w2k Hello, this is a new bug found in W2K in all flavors, works with all levels of users. Here is the proof of concept: Open a Cmd Window Ping to any host (for example ping 10.100.2.1 preferred a host in your LAN), no switch needed. Just ping Now press F7 and Enter (try a couple of times quickly...less than ten , and you can see what a meaning) The machine reboots, from nothing a warm reboot. Please let me know if you have the same bug. I tried this in W2k sp2 English and Spanish. Daniel Siffredi Administrador de Red de Microinformatica. Nacion AFJP SA -----BEGIN PGP SIGNATURE----- Version: Hush 2.0 wlwEARECABwFAjtm1C0VHGMwbmNlcHRAaHVzaG1haWwuY29tAAoJEPQWHaIUc7jEQnMA n3CeRi+YbgUJgU7DE8fkOkzfny1uAKCewkCtIU3HYUIygpo0kI6aJ8lCYw== =GXC5 -----END PGP SIGNATURE----- Free, secure Web-based email, now OpenPGP compliant - www.hushmail.com
Current thread:
- win32k bug - Smss crashes when Csrss terminates c0ncept (Jul 31)