Vulnerability Development mailing list archives
Need help w/ Dell Windows security issue
From: Curt Wilson <netw3_security () hushmail com>
Date: 15 Jan 2003 22:01:10 -0000
I've found a DoS vulnerability in a Dell openmanage application on a Win2K advanced server, and I am trying to discover if more can be done with the issue. I have little experience in working with vulnerabilities at the assembly and stack level. Basically, a simple telnet to the open TCP port causes a particular service to die. "an operation was attempted on something that is not a socket" "the exception generated was c0000005 at address 00403234 {<nosymbols>}" Dr. Watson - exception number: c0000005 (access violation) FAULT -> 00403224 8b07 mov eax,[edi] ds:00000000=???????? (stack dump, etc. snipped for public posting) I attempted to send many 0x41 chars, and then checked the various registers in the state dump (dr watson log file) but it does not appear that my data is getting through. Something about the connection itself breaks the service, whether it's a raw connection or a connection through telnet. I'm trying to isolate what the application actually expects and hope to have more information soon. For all I know, nothing else can be done. However, given that my skills in this particular area are in their early formative stage, maybe someone else can provide some insight. If anyone is kind enough to help analyze this issue further, please drop me a line. If anyone else is running Dell servers with any of the OpenManage applications for windows, please let me know. Please direct any flames to /dev/null Curt Wilson Netw3 security www.netw3.com
Current thread:
- Need help w/ Dell Windows security issue Curt Wilson (Jan 21)
- <Possible follow-ups>
- Re: Need help w/ Dell Windows security issue The Blueberry (Jan 23)