Dailydave mailing list archives
Re: MSRPC vulnerability 1 billion and six?
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Thu, 17 Nov 2005 08:11:42 -0600
This bug is much wider scoped than most people realize; a friend of mine found it when writing his muddle implementation a few months ago. You can trigger it about 12 different ways on Win2000 and at least 2 different ways on XP. The bug itself is pretty silly (oh noes! arbitrary malloc!), but you can use it to exploit out of memory conditions in other services. On Windows XP SP2, one of the vectors is a function in the "Server" service, accessible via the \BROWSER pipe.

-HD

On Thursday 17 November 2005 06:29, Dave Aitel wrote:
> I have to assume it's just "connect to a service, send it a lot of data". I don't see why that wouldn't work against SP2. You can connect to services and send lots of data on SP2 as well. Of course, it's irresponsible of Microsoft to not offer more information on what the vulnerability is, so that customers can be informed and protect themselves. Does anyone have the code itself so all the various IPS/IDS teams out there can provide solutions, and the free software community can devise free solutions?