Dailydave mailing list archives

information about Microsoft Windows PnP Denial of Service (16/11/2005) Bugtraq ID: 15460 (security focus)

From: "falconepippo () libero it" <falconepippo () libero it>
Date: Sat, 18 Feb 2006 12:08:32 +0100

Hi,
i'm italian student that study the Microsoft Windows PnP Denial of Service (16/11/2005) Bugtraq ID:  15460  on site 
securityfocus.com! I have some problem to test the exploit PnPDoS realized by Winny thomas:

This is a test on WIndows 2000 server sp3:

Memory leak when sending upnp_getdevicelist request

[*] Resolving 192...: OK
[*] Sending SMB Negotiate request: OK
[*] Sending Null Session request: OK
[*] Sending Null Session request: OK
[*] Sending Tree Connect request: OK
[*] Sending NT Creat AndX request: OK
[*] Sending DCE RPC Bind UPNPMGR request: OK
[*] UPNPMGR upnp_getdevicelist request: nca_s_fault_ndr

Why this error?how i can resolve?

Why when i test windows xp with or without sp1! the error  displayed on ethereal is

DCERPC   Bind_ack: call_id: 0 Provider rejection, reason: Abstract syntax not supported

Why this error?

I have read that dave aitel have realized an exploit on windows xp sp2 and visit the list on daily dave i have read 
that exist an rpc_srvsvc_mmallocdos.rar that realized this!is possible obtain this or information about the correction 
on PnPDoS etc...

Thanks.

Current thread:

information about Microsoft Windows PnP Denial of Service (16/11/2005) Bugtraq ID: 15460 (security focus) falconepippo () libero it (Feb 18)
- Re: information about Microsoft Windows PnP Denial of Service (16/11/2005) Bugtraq ID: 15460 (security focus) Pusscat (Feb 21)