Open Source and information security mailing list archives
 
Message-ID: <3F1E2003.8040703@ameritech.net>
From: dbailey27 at ameritech.net (northern snowfall)
Subject: R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server

>
>
>If somebody can send you a low-bandwidth stream of packets that make your
>server work WAY too hard, so that the expensive server that's supposed to be
>handling 500 simultaneous clients is dropping users at 75, it's a security
>issue.
>
Yeh. I actually wrote an exploit for a condition similar to this, recently.
The DoS condition was a remote vulnerability that led to 100% CPU usage
for a period of approximately 6 minutes in length before a time-out 
occurred.
After this time-out, I was easily able to perpetuate the DoS condition with
another, specially crafted, packet.

In correlation with this vulnerability I maintained a bit walk (coined by
a friend?) technique on an exploit that needed approximately fourteen
minutes to determine a proper return address. Since the exploit triggered
some pretty obvious noise any admin could see, the DoS condition kept
any admin from logging in either locally or via console. This led to
success.

That's just a nice example of how DoS can actually be of some functional
use in a given threat vector. More obvious examples would be hijacking
conditions.

Don

http://www.7f.no-ip.com/~north_



