Dailydave mailing list archives

Re: MSRPC vulnerability 1 billion and six?


From: Alexander Sotirov <asotirov () determina com>
Date: Thu, 17 Nov 2005 14:56:30 -0800

Dave Aitel wrote:
Hmm. I guess one possible fix would be
[size_is(size)] [out] * IDL's parsed to be a maximum of "freememory/2".

This wouldn't help much, because the memory is zeroed with rep stosd after it is
allocated. Not only does this consume 100% CPU for a while, it also commits
every allocated page and might force other programs to get swapped out.

Alex

