Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
From: Dan Ballance <tzewang.dorje () gmail com>
Date: Sat, 12 Nov 2011 23:33:10 +0000

Cheers Antony, I began by asking if Scapy was a suitable tool for crafting
this attack - and then asked more generally what tools/languages/frameworks
do people recommend for this kind of task? Are you suggesting due to the
very large numbers of packets involved that for performance reasons this
needs to be written in c/c++?

On 12 November 2011 06:22, Antony widmal <antony.widmal () gmail com> wrote:



On Fri, Nov 11, 2011 at 10:08 PM, Jeffrey Walton <noloader () gmail com>wrote:

On Sat, Nov 12, 2011 at 12:53 AM, Antony widmal <antony.widmal () gmail com>
wrote:
Dear Dan,
Impacket was at first a Pysmb copy/update from Core Security in order to
play with RPC. (look at the source)
They've done some work on pysmb library in order to implement DCE/RPC
functionality in this dinosaurus lib.
You can also try Dave Aitel's SPIKE.

Yeah sure;
If you're passionate about medieval history and you are a fan of
the Flintstones, you'll be happy with Dave's Aitel fuzzer.

Regards,
Antony

 > This vulnerability is about sending a *huge fucking* stream of UDP
packets
on a closed port in order to trigger a int overflow via a ref count.
Most of the people here didn't even understand what we are talking
about/dealing with.
Is this related to the undisclosed MS09-048, which we were told did
not require remediation because the Windows firewall (et al) mitigated
the vulnerability?
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx.

Jeff



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]