Message-ID: <6aab053a0911271527xe0abd00pee8155c43b6f900c@mail.gmail.com>
Date: Fri, 27 Nov 2009 20:27:07 -0300
From: Fernando Gont <fernando.gont@...il.com>
To: Ivan Security <ivanchukl@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows TCP/IP Timestamps Code Execution Vulnerability

On Fri, Nov 27, 2009 at 1:59 AM, Ivan Security <ivanchukl@...il.com> wrote:
> Has anyone more details about this vulnerability? The advisory just says:
> "The vulnerability exists due to the TCP/IP stack not cleaning up state
> information correctly. This causes the TCP/IP stack to reference a field as
> a function pointer when it actually contains other information"
> I'd like to know a bit more in order to test it and make some research.

This certainly looks like an implementation bug.

Nevertheless, when it comes to protocol or "design" vulnerabilities,
you might want to use this document as a reference:
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf

Feedback is always welcome.

Kind regards,
Fernando

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/