Vulnerability Development mailing list archives
Re: win2k console bug
From: Marius Huse Jacobsen <mahuja () C2I NET>
Date: Sat, 24 Feb 2001 01:38:26 +0100
I think the bug is located in what is the Windows version of the X Windows system "terminal emulator". It will happen if that stream is read from a file (type x) too.

----- Original Message -----
From: "Philip Stoev" <philip () STOEV ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, February 21, 2001 8:13 PM
Subject: win2k console bug

I have found the following interesting behavior:

The netcat tool, when used as a telnet-like application, sends all info it receives over the network to the console. The win2k console has the tendency to interpret this output, including the "bell" character.

The interesting part is that when many "bell" characters are received, the console locks up, taking all other consoles open on that machine with it. They cannot be closed with the TaskManager -- the only way to stop the debilitating noise is to shut down (or logout?).

So, if somebody uses netcat to connect to a malicious site, and the site starts sending garbage to him, the scenario described above will happen.

Telnet.exe is not vulnerable to this, since it filters out the offending characters. However, if you do a type on a good binary stream (many bells and no EOFs), the same thing will happen, which is to say that the problem is in cmd.exe.

Philip
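The filtering that the original post credits telnet.exe with can be applied to any untrusted byte stream before it reaches a console. The sketch below is an added example, not code from either poster; the function names, the set of control bytes kept, and the alert threshold are assumptions.

```python
import sys

# Assumption: keep tab, line feed and carriage return; drop every other
# C0 control byte (0x00-0x1F, which includes BEL 0x07) and DEL (0x7F).
_KEEP = {0x09, 0x0A, 0x0D}
_DROP = bytes(b for b in range(0x20) if b not in _KEEP) + b"\x7f"


def sanitize_chunk(chunk):
    """Return (chunk with control bytes removed, number of BEL bytes seen)."""
    bells = chunk.count(b"\x07")
    return chunk.translate(None, _DROP), bells


def filter_stream(chunks, write, bell_alert=16):
    """Pass each chunk of an untrusted stream through sanitize_chunk.

    `write` receives the cleaned bytes chunk by chunk, so nothing is
    buffered. Returns (total_bells, flagged); flagged is True once the
    stream has carried at least `bell_alert` BEL bytes (hypothetical
    threshold, useful as a signal that the peer is sending garbage).
    """
    total = 0
    for chunk in chunks:
        clean, bells = sanitize_chunk(chunk)
        write(clean)
        total += bells
    return total, total >= bell_alert


if __name__ == "__main__":
    # Intended use: pipe a network tool's output through this filter
    # instead of letting it write straight to the console.
    source = iter(lambda: sys.stdin.buffer.read(4096), b"")
    total, flagged = filter_stream(source, sys.stdout.buffer.write)
    sys.stdout.buffer.flush()
    if flagged:
        sys.stderr.write("[filter] dropped %d BEL bytes\n" % total)
```

Because ESC (0x1B) is among the dropped bytes, terminal escape sequences in the stream are defused as well and show up as plain text.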