[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2011 17:58:41 -0500
From: Valdis.Kletnieks@...edu
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
On Sat, 12 Nov 2011 09:36:21 +1100, xD 0x41 said:
> well look at that :P
> not same author but , nice coding predelka! good one, i will add you
> to crazycoders.com coderslist... i guess there is a few codes you have
> now done wich might be useful... cheers.
Did you actually do a code review? There's some... issues. ;)
First, the comment block says it needs 2^32 packets sent.
Then we do:
for(lthreads=0;lthreads<250;lthreads++){//UDP flood
iret = pthread_create(&thread,NULL,sendpackets,argv[1]);
(250, not 256? Gaak ;)
And then sendpackets() does this:
for(i=0;i<4294967295;i++){
So this is working 250 times as hard as it has to. No wonder it takes 52 days. ;)
Also, the variable 'active' is at least theoretically racy - it's *possible*,
but unlikely, that the main program will kick off the 250 threads, and fall
through to the 'while(active)' loop before any of the threads have hit the
active++ in their code.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists