Full Disclosure mailing list archives
Re: All you WMF haxxors are belong to...... Mr Moore
From: H D Moore <fdlist () digitaloffense net>
Date: Mon, 23 Jan 2006 11:38:33 -0600
There are a handful of cases where a malicious server / mitm could cause the Framework to run out of memory. We aren' t that concerned with it -- if you can find a way to do something useful (run code, etc), let us know. We might look at limiting this in version 3.0, but no matter what 'max size' we place on a protocol response, its never going to be small enough to account for the low-end system or big enough to handle truly gigantic (legit) replies. The SMB, DCERPC, and BackupExec protocols also suffer from 'arbitrary malloc and die' issues. -HD On Monday 23 January 2006 08:40, H D Moore wrote:
Nice DoS bug, next time try emailing us first :-) -HD On Monday 23 January 2006 04:23, cranium pain wrote:WMF Exploit vulnerable? [*] Starting Reverse Handler. [*] Waiting for connections to http://0.0.0.0:80/ [*] Got connection from 0.0.0.0:443 <-> 1.1.1.1:42121 [*] Sending Stage (2834 bytes) [*] Sleeping before sending dll. [*] Uploading dll to memory (69643), Please wait... [*] Upload completed meterpreter> Out of memory during "large" request for 2147487744 bytes, total sbrk() is 17950720 bytes at /home/framework/lib/Pex/Meterpreter/Packet.pm line 509 509: $res -1 if ($res >= 0 and not defined(recv($fd, $tempBuffer, $tempBufferLength, 0))); -- "haxxoring haxxors for fun and fun"_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- All you WMF haxxors are belong to...... Mr Moore cranium pain (Jan 23)
- Re: All you WMF haxxors are belong to...... Mr Moore H D Moore (Jan 23)
- Re: All you WMF haxxors are belong to...... Mr Moore H D Moore (Jan 23)
- Re: All you WMF haxxors are belong to...... Mr Moore H D Moore (Jan 23)