Vulnerability Development mailing list archives
Re: Crashing Win9x with smbclient
From: marc () EEYE COM (Marc)
Date: Tue, 14 Mar 2000 09:22:21 -0800
From what I've seen the bluescreen con/con stuff is only happening if you
are able to connect to a share. So if you don't have access to a share you
can't make it bluescreen. So maybe it would be worth it to try con/con
related things against stuff like ipc$. So you don't even need access to a
share but just to do a null session connection. Just a thought.

Signed,
Marc
eEye Digital Security
http://www.eEye.com

"It is the years that blind you. Searching so hard for success you lose
grasp on the basic wonders of being alive." -chameleon

| -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Bud
| Meister
| Sent: Monday, March 13, 2000 2:52 PM
| To: VULN-DEV () SECURITYFOCUS COM
| Subject: Crashing Win9x with smbclient
|
|
| Hi everyone,
|
| I'm an assistant in a high school computer lab with about
| 25 Win9x workstations and a Linux server. All the stations
| have a shared "My Documents" directory, so students can
| save their work locally and still be able to access it from
| other workstations. The Linux server is really only there
| for my own personal use, not as a student fileserver
| (hence the shares).
|
| After reading the thread about the 'con\con' bug, I decided
| to do a little experimenting. Here's what I found
| (displayed information is skewed):
|
| --------------------
| [neo@neo ~]$ smbclient '\\station-1\my documents'
| Password:
|
| smb:\> ls
| Sarah1.doc 358739857 48574
| JoePic.jpg 7634733 873
|
| smb:\> cd con\con
| *disconnect*
|
| [neo@neo ~]$
| --------------------
|
| After I attempted the change directory command, Station-1 bluescreened
| immediately. I repeated this process on 5 other workstations, and all
| bluescreened; some were recoverable (but too unstable to continue without
| a reboot), but most had to be rebooted.
|
| This bug probably won't have any effect on our network, since we're
| running IP masquerading on our router and nothing can come in.
| The only way I've exploited it remotely is by using smbclient on a
| Windows machine (my Linux box is the only one in the school).
|
| As for larger effects, I couldn't say. That's why I mentioned it here :)
| I realize this is somewhat of an old problem, and this technique may
| have already been discovered, but I'm curious to see what others have
| to say on this topic.
|
|
| ----->Buddy
| budmeister1 () juno com
| http://tenbux.iwarp.com/
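An added example, not part of the original messages: a defender-side check that flags requested share paths containing DOS device names, such as the `con\con` path in the quoted session. The wider device-name list, the log tuple format and all sample entries are assumptions constructed for illustration; the thread itself only shows `con`.

```python
import re

# Reserved DOS device names. Only CON appears in the thread; the rest of the
# list is an assumed generalization to the other reserved names.
DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL", "CLOCK$"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

def device_components(path):
    """Return the path components that resolve to a DOS device name."""
    hits = []
    for part in re.split(r"[\\/]+", path):
        # DOS ignores an extension and trailing dots/spaces: "con.txt" -> CON
        base = part.strip(" .").split(".", 1)[0].rstrip(" ").upper()
        if base in DEVICE_NAMES:
            hits.append(part)
    return hits

def classify(path):
    """Return 'crash-pattern' for two or more device components (the shape
    shown in the thread), 'device-name' for one, and 'ok' otherwise."""
    hits = device_components(path)
    if len(hits) >= 2:
        return "crash-pattern"
    return "device-name" if hits else "ok"

# Constructed sample requests: (client, share, requested path).
# The tuple format is hypothetical, not the output of any real tool.
SAMPLE_LOG = [
    ("10.0.0.20", "my documents", r"Sarah1.doc"),
    ("10.0.0.21", "my documents", r"con\con"),
    ("10.0.0.22", "my documents", r"reports\aux.txt"),
    ("10.0.0.23", "my documents", r"console\icons"),
]

def scan(log):
    """Return only the entries whose path contains a device name."""
    return [(c, s, p, classify(p)) for c, s, p in log if classify(p) != "ok"]

if __name__ == "__main__":
    for entry in scan(SAMPLE_LOG):
        print(entry)
```

Matching is done per path component and on the base name only, so ordinary names that merely start with a device name (such as `console`) are not flagged.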