[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200607111952.40271.fdlist@digitaloffense.net>
Date: Wed Jul 12 01:52:36 2006
From: fdlist at digitaloffense.net (H D Moore)
Subject: Microsoft SMB Information
Disclosure Vulnerability CVE-2006-1315
Yet another SMB memory leak. There are tons of these in SRVSVC. The key to
finding them is to force large padding values (ie. holes between
DataOffset/ParameterOffset and end of packet). A quick hack is to use the
SMB ECHO command with a non-aligned byte size. I have yet to see anything
actually *useful* get leaked. The leak data usually contains parts of
packets that I sent it previously - my few attempts at testing a busy
domain controller never leaked anything I found interesting. Maybe McAfee
found a way to leak larger blocks?
-HD
On Tuesday 11 July 2006 19:41, Alexander Sotirov wrote:
> This is hardly a "description" of the vulnerability. Your post does not
> include any information that was not already included in the Microsoft
> bulletin this morning.
Powered by blists - more mailing lists