Full Disclosure: Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

From: Darren Martyn <d.martyn.fulldisclosure () gmail com>
Date: Wed, 9 Nov 2011 14:51:48 +0000

Oddly enough, I was aware the kernel has to handle packets sent to "closed"
ports, just was not thinking of HOW it handles them. I would love to see
the code for that, and am planning to look at the same code on Linux so I
can see exactly what the hell it does.

On Wed, Nov 9, 2011 at 1:56 PM, Georgi Guninski <guninski () guninski com>wrote:

On Tue, Nov 08, 2011 at 11:53:52PM +0200, Henri Salo wrote:

http://technet.microsoft.com/en-us/security/bulletin/ms11-083

"The vulnerability could allow remote code execution if an attacker

sends a continuous flow of specially crafted UDP packets to a closed port
on a target system."


Microsoft did it once again.

- Henri Salo


Imagine if you knew about this a few years ago...

--
j

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
My Homepage :D <http://compsoc.nuigalway.ie/%7Einfodox>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), (continued)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Georgi Guninski (Nov 09)
  - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Darren Martyn (Nov 09)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 09)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Georgi Guninski (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Sergito (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Valdis . Kletnieks (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Jon Kertz (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ryan Dewhurst (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Mario Vilas (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 11)
(Thread continues...)