Full Disclosure mailing list archives
Re: [CVE-2012-0207] Linux IGMP Remote Denial Of Service
From: root <root_ () fibertel com ar>
Date: Thu, 19 Jan 2012 20:56:24 -0300
BTW your bug is a division by zero and it's here: Linux/net/ipv4/igmp.c

178 static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
179 {
180 	int tv = net_random() % max_delay;   <--- max_delay==0
181 
182 	im->tm_running = 1;
183 	if (!mod_timer(&im->timer, jiffies+tv+2))
184 		atomic_inc(&im->refcnt);
185 }
186 

On 01/19/2012 08:49 PM, root wrote:
> Hi,
>
> You already have a good reputation as a bug-finder. IMHO, releasing additional research in a hurry like this can only tarnish that reputation and feed the trolls. Providing a kernel stack trace ( http://imgur.com/klC4k ) or a more reliable PoC can't take more than an hour, and it will greatly enhance the quality of the report. If you are worried several people have found a particular bug and publication is imminent, then maybe it was not such a great find to begin with :)
>
> On 01/19/2012 02:32 PM, HI-TECH . wrote:
>> Hi XD,
>>
>> On 19 January 2012 15:27, xD 0x41 <secn3t () gmail com> wrote:
>>> Oh and btw, that coding style, just aint you dude... you know, everyone has their own fingerprint, i find it really hard to think that, you just made this mistakes in cksum area, which was area which actually does the exploiting :P , so why release crap ? why not make
>>
>> I release it because it worked for me INSIDE TWO VM's, I had no clue about the checksum error. I didnt cripple it. It worked in my tests because I bet the vmware did adjust the checksums to be correct. Why release that crap? Because I wanted to be the first to release an exploit for it for fame and glory and it was coded in a hurry, I was thinking it actually works (I am doing more tests now on real hardware so I can be sure)
>>
>>> it half decent, and as i said, it was not even your coding style so im finding this really hard to believe it was yours, maybe was modified , from many many similars, but, i guess thats normal... you tend to
>>
>> It is modified code from other coders as stated in the header.
>>
>>> use perl, and bash alot, within your bash, is the .c, and that is your style... like zx2c has, like dan rosenberg and JO, all keep the same style, because it is habit for any coder.. you dont just change styles this fast, or did you get some realllly good ebooks coz, show me where you found so i can catch up to it :P)
>>
>> I didnt change my coding style, it was just done in a hurry so Dan or Jon wouldnt beat me on that BWHAHAHA.
>>
>>> Love you long time pal, but, find this one abit shitty, and, i do like everything in past, your codes going back to you know when, but this is bs, and if you were gonna rls it, you shulda fucked with the numbers maybe, but, let it fkn run, it was made as poc for lan test right, so why cripple it, thats just silly... thats why i attack it, and, i dont really care a shit who coded it, but, i doubt it was anyone in that code.
>>
>> You can attack it its your opinion and thats totally fine. I didnt cripple the code actually.
>>
>>> have a good day and, no offence over this but, it just shits me when people, who know better, go out of their way and release publicly, shit which is fucked up and, in this case, would waste a persons time, and, you even put tested on, and, now, how would it be tested with that cksum, please explain that then, your saying you dont have time but stop bullshit man, you crippled it, just fkn admit it, it could NOT work setup, without the damn cksum, as it was part of sento! how could this, be any use, even with the settings back to old, without my edit.... you show me one fucking real test, i mean, compile the code, infront of people, then go make your fYT vids, seriously, I have told Jon Oberheldie this, and others, str8 up, if you release crippled shit, your as shit as what you cripple mate.
>>
>> You forget about all the codes I rlsed before. As I said this was done in a hurry. You had a look at roaring beast ? How can you tell me I send crippled codes out? Buddy I m human too and do mistakes.
>>
>>> thats just my point of view and really, this is d0s, which, i dont care for..im saying, you dont see AB release some fucked up exploit every
>>
>> AB? whos that ?
>>
>>> 2months, and makeSURE it dont work , you dont see anyone release shit like this anymore with such blatant errors, its just shitty, luckily i nano'd it, yea, i like nano ok, or i would have wasted time
>>
>> wtf ? come on.. nano.. this is getting silly
>>
>>> kcope...its just that simple, and no offences atall, i was able to spot this, but, do not sit there, telling me and everyone else, that it was working, tested... coz, we both know that was NOT the same code released, you cannot deny the code.... simple. you screwed this one up. go back to exploiting :P its better and your better at it! :P
>>
>> As I said I tested it with two VMS in a testbed and both Ubuntu and OpenSUSE crashed instantly.
>>
>>> I like your shit, but, i realllllly prefer, when kxcope, is thinking of b0f and new methods etc, like i know the one from 2009 did, and found the biggest remote hole ever,and you even released this , and people can hate you and whatever but there is no denying it, your damn skilled, so im just saying, i dont like crippled work, nowadays, and when it is released with a mark of approval, from someone i trust.
>>
>> Its 2011 and I found a bug in FreeBSD ftpd. Which is better than ProFTPD coz it rocks, have you ever seen a bug in FreeBSD ftpd since ~10 years ?
>>
>>> this is private, and, stays here but, this is why i attacked you dude, and, nothing bad about it, it stays here, and, thats it... i wont say shit, i have said what i wanted, your a nice guy, i like you, so, thats all, i just dont want to see you ending up like them other fags, they have 0 respect UG... you do atleast have that... fuck fd lists respect... but still, you just had to leave out that line 'tested' ;)
>>
>> I like the public scene more than the dark one.
>>
>>> ok, sorry for any confusion etc but, thats all i think and, i want you to know exactly what i think, and know i am not being mean atall... and apologise for even putting that retort onto fd..i should have just
>>
>> OMG how the ***** you have time to write me so long lines ?
>>
>>> pmd you, but i lose sight of your nickname sometimes...anyhow... i hope your not offended but, i did not try to offend you atall, i just found it really weird that you released that and, it was shitty lol... lan d0s :P i mean, we could have lan PARTY now, we could all get drunk and crunk but, not lan-d0s :P
>>
>> HEHE, I want to see the CCC Hackerspace got hit by that.
>>
>>> hehe, tcare man, i fucking find you one of my inspirations and why i get up everyday, is to greet the people, who have some respect in them, i will makesure also the post goes only for regged members or sumthin also, just to make it abit harder i guess for ppl to look at...fkit.. i should not have even bothered saying shit but, i love packets :P
>>
>> I have respect of you too. But next time please dont rls my FreeBSD locals on pastebin.
>>
>>> i just do, and, i added the other codes, so anyone could modify the other codes, or port it to windows... and, nothing more... it is only a frag adding app, and shows basic socket use... nothing more... so, it was basically, an adon, to your tool, it would be nice to do a test with fragging.. anyhow, i might do that myself...see howfar this bug can be pushed... take care man, i hope your cool , take it easy and speak to you soon drew
>>
>> Ok good, so your code works actually? Over the internet ............ This is an exercise for the interested reader.
>>
>> Regards,
>> Kingcope
>>
>>> On 20 January 2012 00:28, HI-TECH . <isowarez.isowarez.isowarez () googlemail com> wrote:
>>>> Hello xD,
>>>> sorry I don't understand a word you are talking about. To put everything together about what you were ranting would take too much time for me. Did I offend you in any way ? It's just a PoC for people to test their systems nothing else... I cannot check each every system if it works, I just checked two boxes and thats enough for me.
>>>>
>>>> Regards,
>>>> Kc
>>>>
>>>> On 19 January 2012 04:56, xD 0x41 <secn3t () gmail com> wrote:
>>>>> Now, heres the one which works, without in_chksum bug ;) http://pastebin.com/x1ShKAUT now, sorry but, had to try it remotely, sheesh, and, you dont cripple, code of old bugs and, half of this code is from an old bug anyhow, so why the heck not leave it... i guess now your starting to look like Jon Oberheldie the king of fucked up cripples... lol... enjoy folks. this version, may even work! omg isnt this amazing!! XD says to FD a BIG FUCKS YOU ,well cept kcope and few other decent guys like me :P ,and nme, and tropic and well, #Haxnet :) now go fucking shoot yourselves away with your newbie working undeadattack.. dont know why someone did not inform me they would cripple it, and maybe forward a copy to me but, now this file, goes where the rest go, to the shame files...
>>>>>
>>>>> On 18 January 2012 08:11, HI-TECH . <isowarez.isowarez.isowarez () googlemail com> wrote:
>>>>>> Demonstration of the Exploit: http://www.youtube.com/watch?v=78nAxh70yZE (thanks ClsHack)
>>>>>> see attached content
>>>>>>
>>>>>> /Kingcope
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
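The modulo-by-zero that root points at above, as an added C model that is not the kernel's code and not from anyone in this thread: it decodes an IGMPv3 Max Resp Code as RFC 3376 specifies, converts it to jiffies with assumed values HZ=1000 and IGMP_TIMER_SCALE=10, and shows the clamp to one jiffy that keeps the later `% max_delay` defined. The random value is passed in as a parameter in place of net_random() so the results are reproducible.

```c
/* Added model of the delay computation feeding igmp_start_timer(); not
 * kernel code. HZ and IGMP_TIMER_SCALE are assumed, the Max Resp Code
 * decoding follows RFC 3376 4.1.1, and rnd stands in for net_random(). */
#include <stdint.h>
#include <stdio.h>

#define HZ 1000              /* assumed tick rate */
#define IGMP_TIMER_SCALE 10  /* IGMP code units are 1/10 second */

/* Codes below 128 are literal; otherwise the byte is a 1:3:4 float
 * (reserved bit, exponent, mantissa) giving (mant | 0x10) << (exp + 3). */
static uint32_t igmpv3_mrc(uint8_t code)
{
    if (code < 128)
        return code;
    return ((code & 0x0f) | 0x10) << (((code >> 4) & 0x07) + 3);
}

/* Response window in jiffies with no lower bound: a code of 0 yields 0. */
static uint32_t max_delay_unguarded(uint8_t code)
{
    return igmpv3_mrc(code) * (HZ / IGMP_TIMER_SCALE);
}

/* Same, but a zero-length window is rounded up to one jiffy so the
 * modulo in the timer setup is always defined. */
static uint32_t max_delay_guarded(uint8_t code)
{
    uint32_t d = max_delay_unguarded(code);
    return d ? d : 1;
}

/* Mirrors "tv = net_random() % max_delay"; refuses a zero divisor
 * instead of faulting, so a caller's bug shows up as -1, not a crash. */
static int32_t start_timer_delay(uint32_t rnd, uint32_t max_delay)
{
    if (max_delay == 0)
        return -1;
    return (int32_t)(rnd % max_delay);
}

int main(void)
{
    const uint8_t codes[] = { 0x00, 0x64, 0x80, 0xff };
    for (size_t i = 0; i < sizeof codes; i++)
        printf("code=0x%02x unguarded=%u guarded=%u tv=%d\n", codes[i],
               max_delay_unguarded(codes[i]), max_delay_guarded(codes[i]),
               start_timer_delay(12345u, max_delay_guarded(codes[i])));
    return 0;
}
```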