Message-ID: <407FFEED.2050707@g-clef.net>
From: lists at g-clef.net (Aaron Gee-Clough)
Subject: OT microsoft "feature"
Jeffrey A.K. Dick wrote:
> "Anyone has a good explanation for this ? "
>
> I'll leave it to you to decide if the explanation is good ...
>
> "Windows NT utilities can accept Internet Protocol (IP) addresses comprised
> of decimal, octal, or hexadecimal numbers. This can cause confusion if you
> unintentionally use a leading zero in a decimal octet. With a leading zero,
> the number is resolved by these utilities as an octal number, thus
> specifying the wrong IP address. "
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;115388
Interesting. Of course, it's also a little bit...off:

    C:\>ping 090.090.090.090
    Pinging 72.72.72.72 with 32 bytes of data:
    Request timed out.
    Ping statistics for 72.72.72.72:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    Control-C
    ^C
    C:\>

If this were truly octal, 9's should be invalid (as should 8's).
Instead, we have some base-10/base-8 hybrid that they decided to call
"octal."
Note: Linux (RedHat and Debian, anyway) appear to do the "preceding
0=>octal" bit also, but they properly filter the 090 to be something
unknown.
This really doesn't look like a security issue, though. Just lazy
coding. (Feel free to prove me wrong.)
Aaron
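
Added example, not part of the original message and not the code of any real resolver: a small parser showing how accumulating digits in base 8 without range-checking them turns 090 into 72, next to a strict parse that rejects it. The function names and the unchecked-accumulation model are assumptions chosen to reproduce the ping output quoted above.

```python
DIGITS = "0123456789abcdef"

def octet(text, check_digits):
    """Parse one dotted part: leading 0x means hex, a leading 0 means octal.
    With check_digits=False the digits are accumulated without a range check,
    an assumed model that reproduces the 090 -> 72 result in the message."""
    t = text.lower()
    if t.startswith("0x"):
        base, body = 16, t[2:]
    elif len(t) > 1 and t.startswith("0"):
        base, body = 8, t[1:]
    else:
        base, body = 10, t
    if not body:
        raise ValueError(f"empty number in {text!r}")
    # Lenient mode only requires a decimal digit, even when the base is 8.
    limit = base if check_digits else max(base, 10)
    value = 0
    for ch in body:
        d = DIGITS.find(ch)
        if d < 0 or d >= limit:
            raise ValueError(f"digit {ch!r} not valid in {text!r}")
        value = value * base + d
    return value

def parse_ipv4(addr, check_digits=True):
    """Return the dotted-decimal form of addr, or raise ValueError."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dotted parts")
    octets = [octet(p, check_digits) for p in parts]
    if max(octets) > 255:
        raise ValueError("octet out of range")
    return ".".join(str(o) for o in octets)

def is_canonical(addr):
    """True only if addr is already plain decimal, so it has a single reading."""
    try:
        return parse_ipv4(addr) == addr
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("090.090.090.090", "010.1.1.1", "72.72.72.72"):
        print(sample, "lenient ->", parse_ipv4(sample, check_digits=False),
              "| canonical:", is_canonical(sample))
```

Code that compares an address string against an allow or deny list can call a check like is_canonical first, so the string it compares is the same address the network stack will use.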