Dailydave mailing list archives

Re: information about Microsoft Windows PnP Denial of Service (16/11/2005) Bugtraq ID: 15460 (security focus)


From: Pusscat <pusscat () gmail com>
Date: Mon, 20 Feb 2006 10:30:57 -0500

It looks like your stub data is incorrect for the call here. Check the MIDL
and make sure that you're sending the right amount and format. I don't
really remember off the cuff what error number this relates to, but I'd
guess it's 6c6 or something like that.  Make sure that you've got an NDR
long before your string if it's marked unique, and that your strings are
proper NDR format as well.

While the DoS condition does exist on XPSP2, it doesn't seem possible to
crash the machine like on win2k; also, it's very difficult to consume more
than 60% of the size of the allowable swap file.

This DoS condition can be found in almost all DLLs with remoted function
calls.


On 2/18/06 6:08 AM, "falconepippo () libero it" <falconepippo () libero it> wrote:

Hi,
I'm an Italian student studying the Microsoft Windows PnP Denial of Service
(16/11/2005) Bugtraq ID: 15460 on the site securityfocus.com! I have some
problems testing the exploit PnPDoS realized by Winny Thomas:

This is a test on Windows 2000 Server SP3:

Memory leak when sending upnp_getdevicelist request

[*] Resolving 192...: OK
[*] Sending SMB Negotiate request: OK
[*] Sending Null Session request: OK
[*] Sending Null Session request: OK
[*] Sending Tree Connect request: OK
[*] Sending NT Creat AndX request: OK
[*] Sending DCE RPC Bind UPNPMGR request: OK
[*] UPNPMGR upnp_getdevicelist request: nca_s_fault_ndr

Why this error? How can I resolve it?

Why, when I test Windows XP with or without SP1, is the error displayed in
Ethereal

DCERPC   Bind_ack: call_id: 0 Provider rejection, reason: Abstract syntax not
supported

Why this error?

I have read that Dave Aitel has realized an exploit on Windows XP SP2, and
visiting the Daily Dave list I have read that an
rpc_srvsvc_mmallocdos.rar exists that realizes this! Is it possible to obtain this or
information about the correction on PnPDoS etc...

Thanks.




~ Puss
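The NDR point made in the reply above (a `[unique]` pointer needs a 4-byte referent ID before the string, and the string itself must be a conformant-varying array) is easy to see with a small marshaller. The following is an added example, not code from the thread or from the PnPDoS tool: it encodes and decodes a `[unique]` pointer to a null-terminated wide string the way a generated RPC stub lays it out, and the decoder raises an error for exactly the kind of malformed stub data that makes a server answer with `nca_s_fault_ndr`. The referent ID value `0x00020000` is an arbitrary non-zero choice for this illustration, and `NdrError` is a local stand-in for the server-side fault.

```python
import struct
from typing import Optional, Tuple


class NdrError(ValueError):
    """Stub data that does not match the expected NDR layout.
    A real server stub reports this as an RPC fault (nca_s_fault_ndr)."""


def _align4(buf: bytearray) -> None:
    """NDR aligns each element on its natural size; pad to the next 4-byte boundary."""
    while len(buf) % 4:
        buf.append(0)


def encode_unique_wstring(s: Optional[str], referent_id: int = 0x00020000) -> bytes:
    """Marshal a [unique] pointer to a null-terminated wide string (little-endian NDR).

    Wire layout: 4-byte referent ID (0 means NULL, nothing follows); otherwise a
    conformant-varying array: max count, offset (always 0 for a string) and actual
    count, each a 4-byte long counted in characters *including* the terminator,
    followed by the UTF-16LE characters and alignment padding.
    """
    buf = bytearray()
    if s is None:
        buf += struct.pack("<I", 0)          # NULL pointer: referent ID only
        return bytes(buf)
    data = (s + "\0").encode("utf-16-le")
    count = len(data) // 2
    buf += struct.pack("<IIII", referent_id, count, 0, count)
    buf += data
    _align4(buf)
    return bytes(buf)


def wstring_without_referent_id(s: str) -> bytes:
    """The mistake discussed in the thread: the array is sent, but the referent ID
    that a [unique] pointer requires is missing in front of it (constructed bad input)."""
    data = (s + "\0").encode("utf-16-le")
    count = len(data) // 2
    return struct.pack("<III", count, 0, count) + data


def decode_unique_wstring(stub: bytes, pos: int = 0) -> Tuple[Optional[str], int]:
    """Unmarshal what encode_unique_wstring produced, applying the checks a server
    stub applies; returns (string or None, position after the element)."""
    if len(stub) - pos < 4:
        raise NdrError("truncated: no referent ID")
    (referent,) = struct.unpack_from("<I", stub, pos)
    pos += 4
    if referent == 0:
        return None, pos                      # NULL unique pointer, no array follows
    if len(stub) - pos < 12:
        raise NdrError("truncated: conformant/varying header missing")
    max_count, offset, actual = struct.unpack_from("<III", stub, pos)
    pos += 12
    if offset != 0 or actual > max_count:
        raise NdrError(f"bad array header: max={max_count} offset={offset} actual={actual}")
    if len(stub) - pos < actual * 2:
        raise NdrError("actual count exceeds remaining stub data")
    chars = stub[pos:pos + actual * 2]
    pos += actual * 2
    if actual == 0 or chars[-2:] != b"\x00\x00":
        raise NdrError("string is not null-terminated")
    text = chars[:-2].decode("utf-16-le")
    pos = (pos + 3) & ~3                      # skip alignment padding
    return text, pos


if __name__ == "__main__":
    good = encode_unique_wstring("ab")
    print(good.hex(), decode_unique_wstring(good))
    try:
        decode_unique_wstring(wstring_without_referent_id("ab"))
    except NdrError as e:
        print("rejected:", e)
```

Decoding the stub that lacks the referent ID fails because the decoder consumes the character count as the referent, then reads `offset` from what was really the actual count; that shifted-by-one-long reading is what a server stub sees when the leading NDR long is missing, and the fault comes back before the call body ever runs.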


