lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20091001133317.D267BCBEA7@ws5-11.us4.outblaze.com>
Date: Thu, 1 Oct 2009 09:33:17 -0400
From: Chris <r0ck@...ramail.com>
To: "Rohit Patnaik" <quanticle@...il.com>, Nick <nick58@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsuck delaying patch for SMB2 on purpose?

 "it seems"...and "I'm pretty sure"

Is this FD or some fantasyland where everybody can just make up shit?

If you don't KNOW and can't CONFIRM (with links or FACTS) then stfu.

  ----- Original Message -----
  From: "Rohit Patnaik"
  To: Nick
  Cc: full-disclosure@...ts.grok.org.uk
  Subject: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on
  purpose?
  Date: Thu, 1 Oct 2009 08:09:22 -0500

  I'm pretty sure that Microsoft has already released a fix for this.
   I know they've patched Vista and Windows 7, and they've decided
  publicly not to backport the fix to Windows XP.
  --Rohit Patnaik

  On Wed, Sep 30, 2009 at 8:34 PM, Nick <nick58@...il.com> wrote:

    A new exploit for the _Smb2ValidateProviderCallback() function
    has been released by the same person who created the Denial of
    Service exploit, except this one is able to execute code
    remotely. It seems that ms is sort of delaying the quick fix for
    this exploit. Whats even sadder is that they knew about it when
    they developed windows 7 but didn't care to patch windows vista. 
    If they dont release a patch soon, viruses will be all over the
    internet...

    Exploit code:
    http://packetstormsecurity.org/filedesc/smb2_negotiate_func_index.rb.txt.html



    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/






-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ