Bugtraq mailing list archives
NTCrash2
From: aleph1 () DFW NET (Aleph One)
Date: Wed, 25 Mar 1998 23:34:23 -0600
Date: Wed, 25 Mar 1998 16:11:17 +0000
From: Paul Ashton <paul () ARGO DEMON CO UK>
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: NTCrash2

From: http://www.ntinternals.com/ntdll.htm by Mark Russinovich.

"A little over a year ago I wrote a program called NTCrash that barraged the Native API interface with garbage parameters. The program discovered 13 WIN32K system services that failed to perform comprehensive parameter validation, the result of which were Blue Screens. Microsoft closed these holes in Service Pack 1.

About two months ago I revisited NTCrash and tweaked it to be more intelligent about generating garbage - the garbage this new version, NTCrash2, produces hits boundary conditions that can be easy to miss in validation. In fact, this revision found 40 more APIs with Blue Screen holes. Microsoft has been made aware of the holes and they will be closed in Service Pack 4."
40?! I wonder how many of these could be turned into exploits?

Paul
--
"Software is like sex; it's better when it's free" - LT
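The message above describes two generations of the same idea: throwing garbage at system service parameters, and then throwing garbage that sits on the boundaries a validator is likely to get wrong. The following is an added example, not NTCrash or NTCrash2 code and not anything from Mark Russinovich's page, that models why the second approach finds holes the first misses. Everything in it is a stand-in: the service `nt_query_thing`, its single valid handle `VALID_HANDLE`, the four information classes, and the `USER_LIMIT` of 0x80000000 (chosen to resemble the default 32-bit NT user/kernel split) are all hypothetical. The "buggy" probe checks only the buffer's start address, with an off-by-one, and never checks start plus length; the "strict" probe does both and rejects the wraparound case explicitly.

```c
/* Added example (not NTCrash2 code): boundary-condition garbage versus
 * uniformly random garbage against a modeled system service. All names,
 * values and the service itself are hypothetical stand-ins. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define USER_LIMIT   0x80000000u   /* hypothetical: lowest kernel-mode address */
#define VALID_HANDLE 0x00000024u   /* hypothetical: the one handle the caller owns */
#define MAX_CLASS    3u            /* hypothetical: information classes 0..3 exist */

enum { STATUS_OK = 0, STATUS_INVALID_HANDLE = 1, STATUS_INVALID_CLASS = 2,
       STATUS_ACCESS_VIOLATION = 3, BLUE_SCREEN = 99 };

/* Model of NtQueryThing(handle, class, buf, len). Junk handles and classes
 * are rejected before the buffer is ever looked at, which is why random
 * garbage rarely reaches the buffer probe at all. With strict == 0 the probe
 * has two holes of the kind the message describes: it compares with > instead
 * of >= (so buf == USER_LIMIT slips through) and never checks buf + len. */
static int nt_query_thing(uint32_t handle, uint32_t cls,
                          uint32_t buf, uint32_t len, int strict) {
    if (handle != VALID_HANDLE) return STATUS_INVALID_HANDLE;
    if (cls > MAX_CLASS)        return STATUS_INVALID_CLASS;
    if (strict) {
        /* Correct probe: start in user space, and len cannot carry the
         * range past USER_LIMIT (written so 32-bit addition cannot wrap). */
        if (buf >= USER_LIMIT || len > USER_LIMIT - buf) return STATUS_ACCESS_VIOLATION;
    } else {
        if (buf > USER_LIMIT) return STATUS_ACCESS_VIOLATION;   /* off by one, no end check */
    }
    /* The kernel now writes len bytes at buf. Any byte at or above
     * USER_LIMIT lands in kernel memory: a Blue Screen in this model. */
    if (len != 0 && (uint64_t)buf + len > USER_LIMIT) return BLUE_SCREEN;
    return STATUS_OK;
}

/* Boundary values for a 32-bit pointer or length parameter: zero, all-ones,
 * both sides of the sign bit, both sides of the user/kernel split, and a
 * few addresses just below the split so that start is valid but start+len
 * is not. */
static const uint32_t edge[] = {
    0u, 1u, 0xFFFFFFFFu, 0xFFFFFFFEu, 0x7FFFFFFFu, 0x80000000u, 0x80000001u,
    0x7FFFF000u,   /* start of the last user-mode page */
    0x7FFFFFF0u,   /* 16 bytes below the split */
    0x00001000u, 0x00010000u
};
#define NEDGE (sizeof edge / sizeof edge[0])

/* "Smarter garbage": keep handle and class valid so the call gets past the
 * early checks, and feed every pair of boundary values to (buf, len).
 * Returns the number of calls that reached the modeled Blue Screen. */
static int fuzz_boundary(int strict) {
    int crashes = 0;
    for (size_t i = 0; i < NEDGE; i++)
        for (size_t j = 0; j < NEDGE; j++)
            if (nt_query_thing(VALID_HANDLE, 0, edge[i], edge[j], strict) == BLUE_SCREEN)
                crashes++;
    return crashes;
}

/* Plain garbage: all four parameters uniformly random (deterministic seed). */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

static int fuzz_random(int strict, int iters, uint32_t seed) {
    int crashes = 0;
    for (int i = 0; i < iters; i++) {
        uint32_t h = xorshift32(&seed), c = xorshift32(&seed),
                 b = xorshift32(&seed), l = xorshift32(&seed);
        if (nt_query_thing(h, c, b, l, strict) == BLUE_SCREEN) crashes++;
    }
    return crashes;
}

int main(void) {
    printf("random garbage, 100000 calls:        %d blue screens\n", fuzz_random(0, 100000, 1));
    printf("boundary garbage, %zu calls:          %d blue screens\n", NEDGE * NEDGE, fuzz_boundary(0));
    printf("boundary garbage, corrected probe:   %d blue screens\n", fuzz_boundary(1));
    return 0;
}
```

The random run almost never passes the handle and class checks (roughly one chance in 2^62 per call), so it reports nothing even though the probe behind those checks is broken; the boundary run holds the uninteresting parameters valid and hits the hole dozens of times out of 121 calls, and reports zero against the corrected probe. The same two habits carry over to real syscall fuzzing: learn valid values for the parameters you are not attacking, and draw the attacked ones from the edges of whatever range the validator is supposed to enforce.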