Dailydave mailing list archives

MSRPC vulnerability 1 billion and six?


From: Dave Aitel <dave () immunitysec com>
Date: Thu, 17 Nov 2005 07:29:03 -0500

I have to assume it's just "connect to a service, send it a lot of data". I don't see why that wouldn't work against SP2. You can connect to services and send lots of data on SP2 as well.

Of course, it's irresponsible of Microsoft to not offer more information on what the vulnerability is, so that customers can be informed and protect themselves. Does anyone have the code itself so all the various IPS/IDS teams out there can provide solutions, and the free software community can devise free solutions? It was probably irresponsible not to allocate resources to the MSRPC development team that would have found and fixed this sort of thing long ago.

I really want to inject Ethereal into every process as a network shim, and have it throw away any packets it doesn't know how to parse. I think that'd be a neat tool for stopping this sort of thing. But then, I don't do defense, so I haven't allocated any resources to it.

-dave
P.S. "Use tons of memory and cause a temporary denial of service? Heck, my Windows machine does that all by itself!"

http://www.microsoft.com/technet/security/advisory/911052.mspx


Microsoft Security Advisory (911052)
Memory Allocation Denial of Service Via RPC
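
Added example, not part of the original post: the "throw away any packets it doesn't know how to parse" idea from the message, written as a strict validator for the connection-oriented DCE/RPC header that drops anything it cannot fully account for. The function names, the two size caps and the sample PDU builder are assumptions made for illustration; nothing here is derived from advisory 911052.

```python
import struct

# Connection-oriented DCE/RPC PDU types (C706 plus Microsoft's auth3).
KNOWN_PTYPES = {0: "request", 2: "response", 3: "fault", 11: "bind",
                12: "bind_ack", 13: "bind_nak", 14: "alter_context",
                15: "alter_context_resp", 16: "auth3", 17: "shutdown",
                18: "co_cancel", 19: "orphaned"}
COMMON_HDR = 16           # bytes in the common header
MAX_FRAG = 5840           # assumed policy cap on one fragment
MAX_ALLOC_HINT = 1 << 20  # assumed policy cap on a request's alloc_hint


def check_pdu(buf: bytes):
    """Return ("pass", ptype_name) or ("drop", reason) for one fragment."""
    if len(buf) < COMMON_HDR:
        return "drop", "short header"
    vers, minor, ptype, _flags = struct.unpack_from("4B", buf, 0)
    if vers != 5 or minor not in (0, 1):
        return "drop", "bad version"
    if ptype not in KNOWN_PTYPES:
        return "drop", "unknown ptype"
    # High nibble of drep[0]: 1 = little-endian integers, 0 = big-endian.
    order = {0x10: "<", 0x00: ">"}.get(buf[4] & 0xF0)
    if order is None:
        return "drop", "unknown data representation"
    frag_len, auth_len, _call_id = struct.unpack_from(order + "HHI", buf, 8)
    if frag_len != len(buf):
        return "drop", "frag_length mismatch"
    if frag_len > MAX_FRAG:
        return "drop", "fragment too large"
    if auth_len > frag_len - COMMON_HDR:
        return "drop", "auth_length exceeds fragment"
    if ptype == 0:  # request: alloc_hint(4) p_cont_id(2) opnum(2) follow
        if frag_len < COMMON_HDR + 8:
            return "drop", "truncated request header"
        alloc_hint, _ctx, _opnum = struct.unpack_from(order + "IHH", buf, 16)
        if alloc_hint > MAX_ALLOC_HINT:
            return "drop", "alloc_hint over cap"
    return "pass", KNOWN_PTYPES[ptype]


def build_request(stub: bytes, alloc_hint=None, frag_len=None, ptype=0):
    """Construct a little-endian sample PDU (test input, not captured traffic)."""
    total = COMMON_HDR + 8 + len(stub)
    hdr = struct.pack("<4B4BHHI", 5, 0, ptype, 0x03, 0x10, 0, 0, 0,
                      total if frag_len is None else frag_len, 0, 1)
    hint = len(stub) if alloc_hint is None else alloc_hint
    return hdr + struct.pack("<IHH", hint, 0, 0) + stub
```

The validator assumes it is handed exactly one fragment per call; a shim sitting on a TCP stream would first have to split the stream on frag_length before applying it.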