Vulnerability Development mailing list archives

win32k bug - Smss crashes when Csrss terminates


From: c0ncept () hushmail com
Date: Tue Jul 31 08:52:13 PDT 2001

-----BEGIN PGP SIGNED MESSAGE-----


okay...i sent this in once and it bounced, so here we go again...

        According to Inside Windows 2000 Server (the MS Press one, not the Addison-Wesley) it talks about this in chapter 2 under Key System Components. If the user-mode Win32 subsystem would result in a system crash because the Smss service (the parent process) performs a wait operation on csrss.exe (the Win32 subsystem) and if the wait ever returns smss crashes the system.

 [It's in the discussion of why NT 4.0 didn't lose stability due to including the GDI stuff in the kernel...]

        -- c0ncept

- -----Original Message-----
From: Edwin Concepcion [mailto:mer.concepcion () codetel net do]
Sent: Monday, July 30, 2001 1:01 PM
To: vuln-dev () securityfocus com
Subject: RE: bug w2k



Confirmed working on NT Workstation 4+SP6a

STOP: c000021a {Fatal Subsystem Error}
The Windows SubSistem system process terminated unexpectedly with a status of 0xc0000005 (0x5ffbed90 0x01efc0c)


Edwin Concepcion
IT Consultant


- -----Original Message-----
From: SIFFREDI DANIEL [mailto:DSIFFREDI () nacion-afjp com ar]
Sent: Friday, July 27, 2001 2:45 PM
To: 'bugtraq () securityfocus com'
Subject: bug w2k


Hello, this is a new bug found in W2K in all flavors, works with all levels of users.

Here is the proof of concept:

Open a Cmd Window
Ping to any host (for example ping 10.100.2.1, preferably a host in your LAN), no switch needed. Just ping
Now press F7 and Enter (try a couple of times quickly...less than ten, and you can see what I mean)
The machine reboots, from nothing a warm reboot.
Please let me know if you have the same bug. I tried this in W2k sp2 English and Spanish.


Daniel Siffredi
Microcomputing Network Administrator.
Nacion AFJP SA

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.0

wlwEARECABwFAjtm1C0VHGMwbmNlcHRAaHVzaG1haWwuY29tAAoJEPQWHaIUc7jEQnMA
n3CeRi+YbgUJgU7DE8fkOkzfny1uAKCewkCtIU3HYUIygpo0kI6aJ8lCYw==
=GXC5
-----END PGP SIGNATURE-----
