Dailydave mailing list archives
Re: GREENAPPLE Release
From: Dave Aitel <dave () immunitysec com>
Date: Thu, 10 Feb 2005 08:20:34 -0500
Immunity has released greenapple.py to CANVAS customers - just as a DoS for now, although it does get EIP cleanly. The ISS note (I like how they sum things up in their alerts, btw. Very clear and concise) - claims it as a heap overflow, which is true, but there are also nice clean stack overflows and other fun things. There's a ton of bugs here, and you get to choose which one you exploit.
Basically, out of all that stuff, we have a bunch of client-side attacks, a local or two, and this remote, which only works on the local network (?). Not as exciting as you would think from all the hoopla! This is the problem with calling everything "remote code execution" when it's really "client side remote code execution" or "post-auth remote code execution". Someone go ping Microsoft and tell them they're making mountains out of molehills.
Dave Aitel
Immunity, Inc.
Sinan Eren wrote:
My brief analysis back in the day when Dave blue-screen'ed his box was that this is a clean kernel stack overflow. With a couple of tweaks in the payload I was able to get eip/ebp control. We didn't have time back then to write a full-blown exploit, hoping that the bug might live for many more years to come ;-(
Thanks,
Sinan Eren
Immunity, Inc. Research
On Tue, 8 Feb 2005, Dave Aitel wrote:
Reference: http://lists.virus.org/dailydave-0411/msg00028.html
This is a quick announcement that the recent Microsoft patch (MS-05- has fixed a vulnerability I found a while back in SMB. (http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx)
More information on this vulnerability is available at: https://www.immunitysec.com/resources-advisories.shtml
Thanks,
Dave Aitel
Immunity, Inc.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- GREENAPPLE Release Dave Aitel (Feb 08)
- Re: GREENAPPLE Release Sinan Eren (Feb 08)
- Re: GREENAPPLE Release Dave Aitel (Feb 10)