Message-ID: <200607111952.40271.fdlist@digitaloffense.net>
Date: Wed Jul 12 01:52:36 2006
From: fdlist at digitaloffense.net (H D Moore)
Subject: Microsoft SMB Information Disclosure Vulnerability CVE-2006-1315

Yet another SMB memory leak. There are tons of these in SRVSVC. The key to 
finding them is to force large padding values (i.e. holes between 
DataOffset/ParameterOffset and end of packet). A quick hack is to use the 
SMB ECHO command with a non-aligned byte size. I have yet to see anything 
actually *useful* get leaked. The leak data usually contains parts of 
packets that I sent it previously - my few attempts at testing a busy 
domain controller never leaked anything I found interesting. Maybe McAfee 
found a way to leak larger blocks?

-HD

On Tuesday 11 July 2006 19:41, Alexander Sotirov wrote:
> This is hardly a "description" of the vulnerability. Your post does not
> include any information that was not already included in the Microsoft
> bulletin this morning.
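
A defender-side structural check for the kind of length mismatch discussed in the message above, as an added example that is not part of the original post or of any vendor tooling: it audits one direct-TCP framed SMB1 message and reports when the declared ByteCount disagrees with the bytes actually present. The function names are hypothetical, the sample frames are constructed with zeroed header fields, and treating such mismatches as worth flagging is an assumption of this example.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_ECHO = 0x2B          # SMB1 command code for ECHO
HDR = 32                     # fixed SMB1 header length

def audit_smb1_frame(frame: bytes) -> list:
    """Return structural anomalies found in one framed SMB1 message."""
    if len(frame) < 4 + HDR + 3:
        return ["truncated frame"]
    smb = frame[4:]
    if smb[:4] != SMB1_MAGIC:
        return ["not SMB1"]
    findings = []
    # Direct-TCP framing: zero byte, then 24-bit big-endian length.
    framed = int.from_bytes(frame[1:4], "big")
    if framed != len(smb):
        findings.append(f"frame length {framed} != {len(smb)} bytes received")
    word_count = smb[HDR]
    bc_off = HDR + 1 + 2 * word_count      # offset of the ByteCount field
    if bc_off + 2 > len(smb):
        return findings + ["WordCount runs past end of frame"]
    (byte_count,) = struct.unpack_from("<H", smb, bc_off)
    present = len(smb) - (bc_off + 2)      # bytes that really follow ByteCount
    if byte_count > present:
        findings.append(f"ByteCount {byte_count} but only {present} data bytes present")
    elif byte_count < present:
        findings.append(f"{present - byte_count} unaccounted bytes after declared data")
    if smb[4] == SMB_COM_ECHO and word_count != 1:
        findings.append("ECHO request with WordCount != 1")
    return findings

def build_echo(data: bytes, declared=None, trailing: bytes = b"") -> bytes:
    """Constructed sample: an SMB1 ECHO request with zeroed header fields."""
    header = SMB1_MAGIC + bytes([SMB_COM_ECHO]) + bytes(HDR - 5)
    count = len(data) if declared is None else declared
    body = b"\x01" + struct.pack("<H", 1) + struct.pack("<H", count) + data + trailing
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

if __name__ == "__main__":
    # Constructed frames only; nothing is sent on the network.
    for label, frame in [("well-formed", build_echo(b"ping")),
                         ("short data", build_echo(b"ping", declared=4096)),
                         ("trailing hole", build_echo(b"ping", trailing=bytes(7)))]:
        print(label, audit_smb1_frame(frame))
```

The same check can be run over frames reassembled from a capture of TCP port 445; a non-empty result marks a message whose length fields do not describe the bytes that arrived.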
