lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Jun 2006 13:28:03 +0400 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Denis Jedig <seclists@...eticon.de> Cc: angel3000@...box.ru, vuln-dev@...urityfocus.com, bugtraq@...urityfocus.com, Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Is Windows TCP/IP source routing PoC code available? Dear Denis Jedig, Simple PoC and original message from Andrey Minaev, dated February, 2006 in Russian with short translation to English) are available from http://www.security.nnov.ru/Fnews753.html This is his original post regarding this issue as it was in his first report to MS and it may not contain complete information because I am not aware about results of further researches with Microsoft. I don't know why Andrey have not published complete information yet. I had no contacts with him after MS opened case on this issue and he asked to hold information. --Sunday, June 25, 2006, 10:03:24 PM, you wrote to vuln-dev@...urityfocus.com: DJ> Greetings to the list, DJ> As known, Microsoft did announce a security vulnerability concerning an DJ> overflow within the TCP/IP stack implementation when source routing DJ> fields are used: DJ> http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx DJ> Is anyone aware of an exploit or POC code for this vulnerability? The DJ> security bulletin states that Windows XP SP2 and Windows Server 2003 SP1 DJ> are "secure by default" due to disabled source routing. However, it does DJ> not provide sufficient information regarding other operating systems DJ> affected, so I would like to check out by myself. DJ> Regards, DJ> Denis Jedig DJ> syneticon networks GbR -- ~/ZARAZA ...áåç äóáèíêè íèêîãäà íå ïðèíèìàëñÿ îí çà ïðîãðàììèðîâàíèå. (Ëåì) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists