Full Disclosure: Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

From: xD 0x41 <secn3t () gmail com>
Date: Thu, 10 Nov 2011 08:46:44 +1100

You could just google for IRC packs of win2k src ;)
I know i have a copy of it somewhere... acvtually tho, would not be
helpful tho, as it does not affect win2k.. so i guess there would be
some code there but not the code you want.

@george
and, ideally if 'years' ago existed for this exploit but, it does only
affect v6 and up , this is tested.... so xp/2k/2k3 not affected...
still, i know people are using other ways anyhow , and thats just how
botting is... one way dies, one takes its place :s
i guess we wait for the rls of this.. maybe!


On 10 November 2011 01:51, Darren Martyn
<d.martyn.fulldisclosure () gmail com> wrote:

Oddly enough, I was aware the kernel has to handle packets sent to "closed"
ports, just was not thinking of HOW it handles them. I would love to see the
code for that, and am planning to look at the same code on Linux so I can
see exactly what the hell it does.

On Wed, Nov 9, 2011 at 1:56 PM, Georgi Guninski <guninski () guninski com>
wrote:


On Tue, Nov 08, 2011 at 11:53:52PM +0200, Henri Salo wrote:

http://technet.microsoft.com/en-us/security/bulletin/ms11-083

"The vulnerability could allow remote code execution if an attacker
sends a continuous flow of specially crafted UDP packets to a closed port on
a target system."

Microsoft did it once again.

- Henri Salo


Imagine if you knew about this a few years ago...

--
j

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
My Homepage :D


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), (continued)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Georgi Guninski (Nov 09)
  - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Darren Martyn (Nov 09)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 09)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Georgi Guninski (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Sergito (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Valdis . Kletnieks (Nov 10)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Jon Kertz (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ryan Dewhurst (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Mario Vilas (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Thor (Hammer of God) (Nov 11)
    - Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ryan Dewhurst (Nov 11)
(Thread continues...)