Message-ID: <20070407154531.GB2438@dani.enslaved.lan>
Date: Sat, 7 Apr 2007 17:45:31 +0200
From: GomoR <fd@...or.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation

On Tue, Apr 03, 2007 at 02:23:21PM -0700, Jim Hoagland wrote:
> Hello all,
>
> In my blog today [1] I give a brief run-down of nine CVE entries that were
> recently published for Vista; the CVEs are numbered CVE-2007-1527 through
> CVE-2007-1535.  At this point, I do not know who requested the entries be
> created.  However, the entries are based on items reported in Symantec's
> recent Windows Vista Network Attack Surface Analysis report [2], for which I
> was lead author, so I thought that I was in a good position to explain them.
[..]
> [2] http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf ( http://preview.tinyurl.com/2qrglc )

Hello Jim,

You have a section on stack fingerprinting in your report.
I find it rather odd to not see the use of SinFP [1] (my tool,
shameless plug).

It is able to identify Vista since BETA2, with or without
the firewall activated (there needs to be one open TCP port,
though). Furthermore, you would have been able to analyze
the IPv6 stack as well.

Currently your stack analysis is based on nmap, and is made
harder than if you had used SinFP. I will show the different
signatures obtained with SinFP:


For IPv4 stacks:

Windows XP (SP2, but no difference between SPs):
P1: B11113 F0x12 W65535 O0204ffff M1460
P2: B11113 F0x12 W65535 O0204ffff010303000101080a000000000000000001010402 M1460
P3: B11021 F0x04 W0 O0 M0

Windows Vista (BETA2):
P1: B11113 F0x12 W8192 O0204ffff M1460
P2: B11113 F0x12 W8192 O0204ffff030308010402080affffffff44454144 M1460
P3: B11121 F0x04 W0 O0 M0

Windows Vista (RC1 && final):
P1: B11113 F0x12 W8192 O0204ffff M1460
P2: B11113 F0x12 W8192 O0204ffff010303080402080affffffff44454144 M1460
P3: B11121 F0x04 W0 O0 M0

For IPv6 stacks:

Windows XP (SP2):
P1: B10013 F0x12 W17080 O0204ffff M1440
P2: B10013 F0x12 W17280 O0204ffff M1440
P3: B10020 F0x04 W0 O0 M0

Windows Vista (BETA2):
P1: B10013 F0x12 W8192 O0204ffff M1440
P2: B10013 F0x12 W8192 O0204ffff030308010402080affffffff44454144 M1440
P3: B10021 F0x04 W0 O0 M0

Windows Vista (RC1 && final):
P1: B10013 F0x12 W8192 O0204ffff M1440
P2: B10013 F0x12 W8192 O0204ffff010303080402080affffffff44454144 M1440
P3: B10021 F0x04 W0 O0 M0

So, I think it is easier to compare TCP/IP stacks with signatures 
like that, but it is only my viewpoint ;)


[1] http://www.gomor.org/sinfp

-- 
  ^  ___  ___             http://www.GomoR.org/          <-+
  | / __ |__/          Systems & Security Engineer         |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
  +-->  Net::Frame <=> http://search.cpan.org/~gomor/  <---+

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
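The signature lines in the message are compared by eye across three probes. The Python below is an added example written for this archive page; it is neither SinFP's code nor the message author's. It takes the IPv4 signatures quoted above as constructed input, reads F as TCP flags, W as window, M as MSS and O as the raw TCP option bytes of the reply (SinFP's normalised values, such as the ffff MSS and the 44454144 timestamp echo, are shown as they appear), decodes the options by RFC 793/1323/2018 kind and length, and lists the fields that differ between two stacks. What the five digits of the B field encode is not stated in the message, so the code treats B as an opaque string.

```python
"""Parse and compare SinFP-style stack signatures (added example, not SinFP's
own code).  Reads P1/P2/P3 blocks, decodes the hex TCP options in the O field
and reports which fields differ between two stacks."""
import re
from typing import Dict, List, Tuple

# Constructed input: the IPv4 signatures quoted in the message above.
SIGNATURES_TEXT = """\
Windows XP (SP2):
P1: B11113 F0x12 W65535 O0204ffff M1460
P2: B11113 F0x12 W65535 O0204ffff010303000101080a000000000000000001010402 M1460
P3: B11021 F0x04 W0 O0 M0

Windows Vista (BETA2):
P1: B11113 F0x12 W8192 O0204ffff M1460
P2: B11113 F0x12 W8192 O0204ffff030308010402080affffffff44454144 M1460
P3: B11121 F0x04 W0 O0 M0

Windows Vista (RC1 && final):
P1: B11113 F0x12 W8192 O0204ffff M1460
P2: B11113 F0x12 W8192 O0204ffff010303080402080affffffff44454144 M1460
P3: B11121 F0x04 W0 O0 M0
"""

# TCP flag bits (RFC 793) and the option kinds decoded here (RFC 793/1323/2018).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
OPTION_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale", 4: "SACKok", 8: "Timestamps"}

# Probe line: name, five-digit B field (assumed opaque), hex F, decimal W, hex O (or 0), decimal M.
PROBE_RE = re.compile(r"^(P[123]):\s+B(\d{5})\s+F(0x[0-9a-f]+)\s+W(\d+)\s+O([0-9a-f]+)\s+M(\d+)$")


def parse_signatures(text: str) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Return {stack_name: {probe: {field: value}}} from the P1/P2/P3 format."""
    stacks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROBE_RE.match(line)
        if m:
            if current is None:
                raise ValueError("probe line before any stack name: " + line)
            probe, b, f, w, o, mss = m.groups()
            stacks[current][probe] = {"B": b, "F": f, "W": w, "O": o, "M": mss}
        elif line.endswith(":"):  # a stack name such as "Windows XP (SP2):"
            current = line[:-1]
            stacks[current] = {}
        else:
            raise ValueError("unrecognised line: " + line)
    return stacks


def decode_flags(hex_flags: str) -> List[str]:
    """Expand an F field into flag names: 0x12 -> SYN, ACK; 0x04 -> RST."""
    value = int(hex_flags, 16)
    return [name for bit, name in TCP_FLAGS if value & bit]


def decode_options(hex_options: str) -> List[Tuple[str, str]]:
    """Walk the O field as raw TCP option bytes; return (name, data-hex) pairs.

    EOL and NOP are one byte; every other option carries a length byte that
    covers kind, length and data.  An O field of "0" means no options.
    """
    if hex_options == "0":
        return []
    data, out, i = bytes.fromhex(hex_options), [], 0
    while i < len(data):
        kind = data[i]
        name = OPTION_NAMES.get(kind, "kind%d" % kind)
        if kind in (0, 1):
            out.append((name, ""))
            i += 1
            if kind == 0:
                break
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option at offset %d" % i)
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad option length %d at offset %d" % (length, i))
        out.append((name, data[i + 2:i + length].hex()))
        i += length
    return out


def diff_signatures(a, b) -> List[Tuple[str, str, str, str]]:
    """List (probe, field, value_a, value_b) for every field that differs."""
    diffs = []
    for probe in sorted(set(a) | set(b)):
        fa, fb = a.get(probe, {}), b.get(probe, {})
        for field in ("B", "F", "W", "O", "M"):
            if fa.get(field) != fb.get(field):
                diffs.append((probe, field, fa.get(field, "-"), fb.get(field, "-")))
    return diffs


if __name__ == "__main__":
    stacks = parse_signatures(SIGNATURES_TEXT)
    for name, sig in stacks.items():
        print(name)
        for probe, fields in sig.items():
            print("  %s %s %s" % (probe, "|".join(decode_flags(fields["F"])), decode_options(fields["O"])))
    final = "Windows Vista (RC1 && final)"
    for other in ("Windows XP (SP2)", "Windows Vista (BETA2)"):
        print("%s vs %s:" % (other, final))
        for probe, field, va, vb in diff_signatures(stacks[other], stacks[final]):
            print("  %s.%s: %s -> %s" % (probe, field, va, vb))
```

Running it shows that XP and Vista final differ in the window size of P1 and P2, the P2 options and the B field of P3, while BETA2 and RC1 differ only in P2's options, where the decoder makes visible that the difference is the position of the NOP relative to the window-scale option, not the option values themselves.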
