[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp62uaV-Mc1rtyRLbDAnEA9i+ZaqNvb663zeNjsHLZNxnA@mail.gmail.com>
Date: Thu, 10 Nov 2011 08:46:44 +1100
From: xD 0x41 <secn3t@...il.com>
To: Darren Martyn <d.martyn.fulldisclosure@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
You could just google for IRC packs of win2k src ;)
I know i have a copy of it somewhere... acvtually tho, would not be
helpful tho, as it does not affect win2k.. so i guess there would be
some code there but not the code you want.
@george
and, ideally if 'years' ago existed for this exploit but, it does only
affect v6 and up , this is tested.... so xp/2k/2k3 not affected...
still, i know people are using other ways anyhow , and thats just how
botting is... one way dies, one takes its place :s
i guess we wait for the rls of this.. maybe!
On 10 November 2011 01:51, Darren Martyn
<d.martyn.fulldisclosure@...il.com> wrote:
> Oddly enough, I was aware the kernel has to handle packets sent to "closed"
> ports, just was not thinking of HOW it handles them. I would love to see the
> code for that, and am planning to look at the same code on Linux so I can
> see exactly what the hell it does.
>
> On Wed, Nov 9, 2011 at 1:56 PM, Georgi Guninski <guninski@...inski.com>
> wrote:
>>
>> On Tue, Nov 08, 2011 at 11:53:52PM +0200, Henri Salo wrote:
>> > http://technet.microsoft.com/en-us/security/bulletin/ms11-083
>> >
>> > "The vulnerability could allow remote code execution if an attacker
>> > sends a continuous flow of specially crafted UDP packets to a closed port on
>> > a target system."
>> >
>> > Microsoft did it once again.
>> >
>> > - Henri Salo
>> >
>>
>> Imagine if you knew about this a few years ago...
>>
>> --
>> j
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
> My Homepage :D
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists