| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <58DB1B68E62B9F448DF1A276B0886DF19304AF33@EX2010.hammerofgod.com>
Date: Fri, 11 Nov 2011 17:08:36 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: Mario Vilas <mvilas@...il.com>, Ryan Dewhurst <ryandewhurst@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
Yeah, I gotta say, I'm going to use it at some point ;)
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Mario Vilas
Sent: Friday, November 11, 2011 9:02 AM
To: Ryan Dewhurst
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
I liked the "heavy breather in the perv closet" bit.
On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhurst@...il.com<mailto:ryandewhurst@...il.com>> wrote:
I think Jon just said what everyone else was thinking, he said what I
was thinking at least.
On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz@...il.com<mailto:jon.kertz@...il.com>> wrote:
> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t@...il.com<mailto:secn3t@...il.com>> wrote:
>> About the PPS, i think thats a very bad summary of the exploit, 49days
>> to send a packet, my butt.
>> There is many people assuming wrong things, when it can be done with
>> seconds, syscanner would scan a -b class in minutes, remember it only
>> has to find the vulns, gather, then it would break scan, and trigger
>> vuln... so in real world botnet, yes then, with tcpip patchers, like
>> somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks...
>> and it is ONLY one wich actually works, when you maybe modify the src
>> so the sys file, is dropped from within a .cpp file, well thats up to
>> you but thats better way to make it work, this will open
>> sockets/threads, as i could, easily proove with one exe, but, the goal
>> is, to trigger the vuln then exploit it, less than 49days :P , so ,
>> iguess if this exploit, in real form, gathered 2 million hosts over 3
>> nights.. i guessing that the exploit, could possibly be triggered with
>> ONE properly setup packet.. people forget that, a packet is one thing,
>> and a crafted UDP packet, is quite another..
>
> I'd really like to see you actually explain this bug with code. Either
> with a poc or with the disassembly. You seem to act like you know
> what's going on, but so far your description has been off base (from
> what I can make of your writing).
>
> No one cares about paragraphs of speculation and bragging, code or you
> are just another heavy breather in the perv closet of FD.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
"There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people."
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists