| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: willy at w.ods.org (Willy Tarreau) Subject: Re: Windows URG mystery solved! On Wed, Sep 17, 2003 at 11:17:16AM +0200, Michal Zalewski wrote: > > I finally have more details about the Windows URG pointer memory leak, > first reported here: > > http://www.securityfocus.com/archive/82/335845/2003-08-31/2003-09-06/0 > > It is a vulnerability. > > After a long and daunting hunt, I have determined that pretty much all > up-to-date Windows 2000 and XP systems are vulnerable to the problem, and > that it is not caused by any network devices en route or such, but the > issue is present only in certain conditions. Hello Michal, I too discovered this strangeness on Monday, when a guy at work was using a windows-based tool to scan for unpatched machines against the blaster worm. My netfilter first logged 3 SYNs, and asked him why his tool was using URG data, but then noticed that the URG flag wasn't set. He didn't know and tried again to scan my linux box. I don't know what his tool was, but he launched it from a blaster-patched WinXP box. This time, the URG pointer was always 0. Then he scanned the whole network, and I saw non-null URG pointers coming again to my box. Tcpdump clearly showed that the pointer was in the packets, and was not invented by netfilter. So I concluded that his box was leaking memory or doing something strange. I can ask him the exact windows version, and even some more tests if anyone is interested. Regards, Willy
Powered by blists - more mailing lists