Full Disclosure mailing list archives

Re: [CVE-2012-0207] Linux IGMP Remote Denial Of Service


From: root <root_ () fibertel com ar>
Date: Thu, 19 Jan 2012 20:56:24 -0300

BTW your bug is a division by zero and it's here:

Linux/net/ipv4/igmp.c (igmp_start_timer, lines 178-185):

static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
{
        int tv = net_random() % max_delay;  <---  max_delay==0

        im->tm_running = 1;
        if (!mod_timer(&im->timer, jiffies+tv+2))
                atomic_inc(&im->refcnt);
}





On 01/19/2012 08:49 PM, root wrote:
Hi,

You already have a good reputation as a bug-finder.
IMHO, releasing additional research in a hurry like this can only
tarnish that reputation and feed the trolls.
Providing a kernel stack trace ( http://imgur.com/klC4k ) or a more
reliable PoC can't take more than an hour, and it will greatly enhance
the quality of the report.

If you are worried that several people have found a particular bug and
publication is imminent, then maybe it was not such a great find to
begin with :)






On 01/19/2012 02:32 PM, HI-TECH . wrote:
Hi XD,

On 19 January 2012 15:27, xD 0x41 <secn3t () gmail com> wrote:
Oh and btw, that coding style just ain't you dude... you know,
everyone has their own fingerprint, I find it really hard to think
that you just made these mistakes in the cksum area, which was the area
which actually does the exploiting :P, so why release crap? why not make

I released it because it worked for me INSIDE TWO VMs, I had no clue
about the checksum error. I didn't cripple it. It worked in my tests
because I bet VMware adjusted the checksums to be correct.
Why release that crap? Because I wanted to be the first to release an
exploit for it, for fame and glory, and it was coded in a hurry, I was
thinking it actually works (I am doing more tests now on real hardware
so I can be sure)

it half decent, and as I said, it was not even your coding style so I'm
finding this really hard to believe it was yours, maybe it was modified
from many many similar ones, but I guess that's normal... you tend to

It is modified code from other coders as stated in the header.

use perl and bash a lot, within your bash is the .c, and that is your
style... like zx2c has, like dan rosenberg and JO, all keep the same
style, because it is habit for any coder.. you don't just change styles
this fast, or did you get some realllly good ebooks coz, show me where
you found them so I can catch up to it :P)

I didn't change my coding style, it was just done in a hurry so Dan or
Jon wouldn't beat me on that BWHAHAHA.

Love you long time pal, but I find this one a bit shitty, and I do like
everything in the past, your codes going back to you know when, but this
is bs, and if you were gonna release it, you should have fucked with the
numbers maybe, but let it fucking run, it was made as a PoC for a LAN
test right, so why cripple it, that's just silly... that's why I attack
it, and I don't really care a shit who coded it, but I doubt it was
anyone in that code.

You can attack it, it's your opinion and that's totally fine. I didn't
cripple the code actually.

have a good day and no offence over this but, it just shits me when
people who know better go out of their way and release publicly shit
which is fucked up and, in this case, would waste a person's time, and
you even put "tested" on, and now, how would it be tested with that
cksum, please explain that then, you're saying you don't have time but
stop bullshit man, you crippled it, just fucking admit it, it could NOT
work as set up without the damn cksum, as it was part of sendto! how
could this be any use, even with the settings back to old, without my
edit.... you show me one fucking real test, I mean, compile the code in
front of people, then go make your YT vids, seriously, I have told Jon
Oberheide this, and others, straight up, if you release crippled shit,
you're as shit as what you cripple mate.

You forget about all the codes I released before. As I said this was
done in a hurry. Did you have a look at roaring beast? How can you tell
me I send crippled codes out? Buddy I'm human too and make mistakes.

that's just my point of view and really, this is DoS, which I don't care
for.. I'm saying, you don't see AB release some fucked up exploit every

AB? who's that?

2 months, and make SURE it doesn't work, you don't see anyone release
shit like this anymore with such blatant errors, it's just shitty,
luckily I nano'd it, yeah, I like nano ok, or I would have wasted time

wtf? come on.. nano.. this is getting silly

kcope... it's just that simple, and no offence at all, I was able to
spot this, but do not sit there telling me and everyone else that it
was working, tested... coz we both know that was NOT the same code
released, you cannot deny the code.... simple.
you screwed this one up. go back to exploiting :P it's better and you're
better at it! :P

As I said I tested it with two VMs in a testbed and both Ubuntu and
OpenSUSE crashed instantly.

I like your shit, but I realllllly prefer when kcope is thinking of b0f
and new methods etc, like I know the one from 2009 did, and found the
biggest remote hole ever, and you even released this, and people can
hate you and whatever but there is no denying it, you're damn skilled,
so I'm just saying, I don't like crippled work nowadays, and when it is
released with a mark of approval from someone I trust.

It's 2011 and I found a bug in FreeBSD ftpd. Which is better than
ProFTPD coz it rocks, have you ever seen a bug in FreeBSD ftpd in
~10 years?

this is private, and stays here but, this is why I attacked you dude,
and nothing bad about it, it stays here, and that's it... I won't say
shit, I have said what I wanted, you're a nice guy, I like you, so
that's all, I just don't want to see you ending up like them other fags,
they have 0 respect UG... you do at least have that... fuck FD lists
respect... but still, you just had to leave out that line 'tested' ;)

I like the public scene more than the dark one.

ok, sorry for any confusion etc but, that's all I think and I want you
to know exactly what I think, and know I am not being mean at all...
and apologise for even putting that retort onto FD.. I should have just
OMG how the ***** do you have time to write me such long lines?

PMed you, but I lose sight of your nickname sometimes... anyhow... I
hope you're not offended but, I did not try to offend you at all, I just
found it really weird that you released that and it was shitty
lol... LAN DoS :P I mean, we could have a LAN PARTY now, we could all
get drunk and crunk but, not LAN-DoS :P

HEHE, I want to see the CCC Hackerspace get hit by that.

hehe, take care man, I fucking find you one of my inspirations and why
I get up every day is to greet the people who have some respect in
them, I will make sure also the post goes only for regged members or
something also, just to make it a bit harder I guess for ppl to look
at... fuck it.. I should not have even bothered saying shit but, I love
packets :P

I have respect for you too. But next time please don't release my
FreeBSD locals on pastebin.

I just do, and I added the other codes, so anyone could modify the
other codes, or port it to windows... and nothing more... it is only
a frag adding app, and shows basic socket use... nothing more... so
it was basically an add-on to your tool, it would be nice to do a test
with fragging.. anyhow, I might do that myself... see how far this bug
can be pushed... take care man, I hope you're cool, take it easy and
speak to you soon
drew

Ok good, so your code actually works? Over the internet ............
This is an exercise for the interested reader.

Regards,

Kingcope


On 20 January 2012 00:28, HI-TECH .
<isowarez.isowarez.isowarez () googlemail com> wrote:
Hello xD,
sorry I don't understand a word you are talking about.
To put everything together about what you were ranting would take too
much time for me.
Did I offend you in any way?
It's just a PoC for people to test their systems, nothing else...
I cannot check each and every system if it works, I just checked two
boxes and that's enough for me.

Regards,

Kc

On 19 January 2012 04:56, xD 0x41 <secn3t () gmail com> wrote:
Now, here's the one which works, without the in_chksum bug ;)

http://pastebin.com/x1ShKAUT

now, sorry but, had to try it remotely, sheesh, and you don't
cripple code of old bugs and half of this code is from an old bug
anyhow, so why the heck not leave it... I guess now you're starting to
look like Jon Oberheide the king of fucked up cripples... lol...
enjoy folks. this version may even work! omg isn't this amazing!!
XD says to FD a BIG FUCK YOU, well except kcope and a few other decent
guys like me :P, and nme, and tropic and well, #Haxnet :)
now go fucking shoot yourselves away with your newbie working
undeadattack.. don't know why someone did not inform me they would
cripple it, and maybe forward a copy to me but, now this file goes
where the rest go, to the shame files...





On 18 January 2012 08:11, HI-TECH .
<isowarez.isowarez.isowarez () googlemail com> wrote:
Demonstration of the Exploit:
http://www.youtube.com/watch?v=78nAxh70yZE (thanks ClsHack)

see attached content

/Kingcope

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
