Nmap Development mailing list archives
Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug?
From: Rob Nicholls <robert () robnicholls co uk>
Date: Thu, 10 Sep 2009 18:34:45 +0100
On Thu, 10 Sep 2009 09:03:04 -0500, Ron <ron () skullsecurity net> wrote:
> I haven't researched this -- do you know if there's a way to check for
> this vulnerability without crashing (or actively exploiting) the machine?

Hi Ron,

I was hoping there might be an easier/less invasive way of testing this by checking the SMB2 version number, as they incremented the number from 2.001 to 2.002 with MS07-063:

http://blogs.technet.com/srd/archive/2007/12/27/ms07-063-insecure-smbv2-signing-algorithm.aspx

Sadly, it seems that Windows 7 RTM passes the same dialects as Vista ("SMB 2.002" and "SMB 2.???") so any tests based on this value alone would result in false positives on Windows 7 RTM.

Also, there's no guarantee that Microsoft will bump the version number up with the new patch (MS07-063 was an insecure implementation; the current exploit appears to be a stack overflow from a single packet). Seeing as RTM didn't change the version number when they fixed the issue, it's possible (or very probably) they won't change the version with the new patch.

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
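
The dialect check discussed in the message above, as an added example that is not part of Rob's post or of Nmap's code: it reads the DialectRevision field from an already-received SMB2 NEGOTIATE response and reports why that value alone cannot indicate patch state. The function names, the `DialectRevision` values (taken from MS-SMB2, not from the post) and the sample response are assumptions constructed for illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
# DialectRevision values as defined in MS-SMB2 (not taken from the post).
DIALECTS = {0x0202: "SMB 2.002", 0x02FF: "SMB 2.???"}

def negotiate_dialect(msg: bytes) -> int:
    """Return DialectRevision from an SMB2 NEGOTIATE response."""
    # Strip the 4-byte direct-TCP length prefix if the capture includes it.
    if msg[:1] == b"\x00" and msg[4:8] == SMB2_MAGIC:
        msg = msg[4:]
    if len(msg) < 64 + 6 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message or truncated")
    hdr_len, = struct.unpack_from("<H", msg, 4)
    status, command = struct.unpack_from("<IH", msg, 8)
    if hdr_len != 64 or command != 0x0000:
        raise ValueError("not a NEGOTIATE response")
    if status != 0:
        raise ValueError(f"server returned NT status {status:#010x}")
    # Body starts after the fixed 64-byte header.
    body_len, _sec_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    if body_len != 65:
        raise ValueError("unexpected NEGOTIATE response StructureSize")
    return dialect

def assess(msg: bytes) -> str:
    """Report what the dialect does and does not tell us."""
    dialect = negotiate_dialect(msg)
    name = DIALECTS.get(dialect, f"unknown ({dialect:#06x})")
    # Per the post: Vista and Windows 7 RTM both show "SMB 2.002", so the
    # dialect shows that SMB2 is spoken but carries no patch-level signal.
    return f"SMB2 enabled, dialect {name}; patch state: inconclusive"

def sample_response(dialect: int) -> bytes:
    """Constructed NEGOTIATE response for offline testing (not a capture)."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, 0, 1,
                         0x1, 0, 0, 0, 0, 0, b"\0" * 16)
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, dialect, 0, b"\0" * 16,
                       0, 65536, 65536, 65536, 0, 0, 128, 0, 0)
    return header + body

if __name__ == "__main__":
    print(assess(sample_response(0x0202)))
```
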