lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2009 19:34:29 -0600
From: Nick <nick58@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Microsuck delaying patch for SMB2 on purpose?
A new exploit for the _Smb2ValidateProviderCallback() function has been
released by the same person who created the Denial of Service exploit,
except this one is able to execute code remotely. It seems that ms is sort
of delaying the quick fix for this exploit. Whats even sadder is that they
knew about it when they developed windows 7 but didn't care to patch windows
vista. If they dont release a patch soon, viruses will be all over the
internet...
Exploit code:
http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists