lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Apr 2004 08:58:46 +1000 (EST)
From: psz@...hs.usyd.edu.au (Paul Szabo)
To: bporter@...rt.net, full-disclosure@...ts.netsys.com,
   kf_lists@...netops.com
Cc: bugtraq@...urityfocus.com, info@...uriteam.com,
   submissions@...ketstormsecurity.org
Subject: RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow.


Tested on W2kSP4 (right-click MyComputer, Properties):

  Microsoft Windows 2000
  5.00.2195
  Service Pack 4

with IE6 (and noting that W2kSP3 behaved identically).

Going to  StartMenu > Run > \\hostname  behaves sensibly, showing all
shares; clicking on the long one says "The network name cannot be found".

However, going to  StartMenu > Run > \\IP.address  crashes explorer:

  Program Error
  explorer.exe has generated errors and will be closed by Windows.
  You will need to restart the program.
  An error log is being created.
  [Cancel]

(then explorer re-starts automatically and the button changes to [OK]). I
cannot see an EIP=41414141 (or 00410041) in file drwtsn32.log (in
C:\Documents and Settings\All Users\Documents\Dr Watson), but maybe it is
not telling the truth (or maybe I needed \\IP.address\sharename?).

Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is
fixed in W2kSP4; or maybe that KB article refers to a different problem: it
say the error should be "Access Violation", I got "Program Error".

Cheers,

Paul Szabo - psz@...hs.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ