Bugtraq mailing list archives
[NTSEC] (It gets worse) NT vulnerable to DOS attack on more than
From: beck () obtuse com (Bob Beck)
Date: Sat, 25 Jan 1997 12:08:08 -0600
> This is clearly the biggest bug yet. I can kill all of the services of MS Exchange Server, as well as INETINFO (MSX doesn't rely on INETINFO). So clearly this bad code has been used in numerous products.
>
> Cheers,
> Russ
> R.C. Consulting, Inc. - NT/Internet Security Consulting
> "Why does Plug-n-Play so often turn into Unplug-n-Pay?"
Ouch. Yep, looks like it's both dynamic (i.e. port 1031 isn't always the port it ends up on) and it's used in more than just that. The box I tried it on first was pretty stock. I tried it on a loaded-up box (Exchange and WinFrame 3.51) and there are *lots* of ports that little perl script kills it on. Good thing I have an extremely anal-retentive packet filter in front of that one :-)

So it looks like all you need to do is use that perl script (or modify Proff's strobe program to heave something at the port when it connects) and lots of things hardloop. Sorry kids, it's not another static port, it's all over the place in MS's code, so it depends what you run on your server.

The released Microsoft fix does *NOT* fix this. It ONLY fixes the problem on port 135.

-Bob

--
Bob Beck
Obtuse Systems Corporation
beck () obtuse com
http://www.obtuse.com/
True Evil hides its real intentions in its street address. Search and you shall find it, and the truth shall set you free.
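As an added example, not the perl script Bob refers to, not Proff's strobe, and not code from anyone in this thread: a small strobe-style regression check in Python for the point made above, that a fix for port 135 alone says nothing about every other listener on the box. For each port it connects, sends an arbitrary payload, waits for the peer to close, and then reconnects to see whether the listener is still accepting connections. `FakeService` is a constructed loopback stand-in (not an NT component) so the script runs offline; the payload is arbitrary bytes, and nothing about RPC or any particular service is assumed.

```python
import socket
import threading

# Constructed probe payload: arbitrary bytes, nothing protocol-specific. The
# point of the thread is that a service should survive *any* input on *any* port.
PROBE = b"\x00\xff" * 32 + b"garbage\r\n"


class FakeService:
    """Constructed stand-in for a listening service (not an NT component).

    fragile=False: reads the client's bytes, answers "ok", closes the connection.
    fragile=True:  the first byte of input kills the listener, standing in for a
                   service that stops serving after bad input.
    """

    def __init__(self, fragile):
        self.fragile = fragile
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))       # ephemeral port, loopback only
        self.listener.listen(5)
        self.port = self.listener.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.listener.accept()
            except OSError:
                return                               # listener closed: service is gone
            with conn:
                try:
                    data = conn.recv(1024)
                    if data and self.fragile:
                        self.listener.close()        # die before answering the client
                        return
                    if data:
                        conn.sendall(b"ok\r\n")
                except OSError:
                    pass                             # client went away; keep serving


def probe_port(host, port, payload=PROBE, timeout=2.0):
    """Strobe-style check for one port: connect, send payload, wait for the
    peer to close, then reconnect to see whether the service survived.

    Returns "closed" (nothing listening), "unreachable" (connect failed some
    other way, e.g. filtered), "survived", or "died".
    """
    try:
        first = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "unreachable"
    with first:
        try:
            first.sendall(payload)
            while first.recv(4096):                  # drain until the peer closes
                pass
        except OSError:
            pass                                     # reset or timeout: the recheck decides
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "survived"
    except OSError:
        return "died"                                # refused or hung after our input


def strobe(host, ports, payload=PROBE):
    """Probe every port in `ports` and map port -> verdict."""
    return {port: probe_port(host, port, payload) for port in ports}


if __name__ == "__main__":
    robust, fragile = FakeService(fragile=False), FakeService(fragile=True)
    for port, verdict in strobe("127.0.0.1", [robust.port, fragile.port]).items():
        print(f"{port:5d}  {verdict}")
```

Against a real host, feed `strobe` the full list of listening ports rather than port 135 alone, since the thread's point is that the affected code sits behind dynamically assigned ports that differ from box to box. One caveat: a service that hardloops at 100% CPU, as described above, may keep accepting connections through the kernel backlog for a while, so a "survived" verdict should be read alongside CPU usage on the target, and only run this against machines you are responsible for.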