[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPLMuLfSduG6H1BiipfKV4q=rjurVrnj=yXBKA=0SMz+jzM4sQ@mail.gmail.com>
Date: Fri, 11 Nov 2011 17:34:36 -0800
From: Chris L <inchcombec@...il.com>
To: Ian Hayes <cthulhucalling@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
Wow, good eye. I can't remember UDP having an ACK packet type, being a
stateless protocol and all, either. I actually looked back through this
thread of emails and it is actually mentioned many times, the idea of the
exploit involving certain SQN or ACK packets, although only by "xD 0x41" as
far as I can see. I'm not sure about anyone else, but I at least, take "xD
0x41"s posts with a spoonful of salt since there is no corroborating
information and the descriptions are vague, contradictory, incomprehensible
or some combination thereof.
Anyway, I'm not an expert, that is just my personal observation. I'm just a
comp sci student that joined this list a couple months ago to try to learn
some more about real world computer security. (As opposed to just
lab-environment, controlled, with expected results, computer security.) I'm
interested in this alleged bug, and if there are any other descriptions of
it that are more *clear* about the actual effect or impact, I'd appreciate
a link.
While I'm at it, since I've mentioned I'm a student and learning, any other
helpful links to learn from are also appreciated. :)
On Fri, Nov 11, 2011 at 3:31 PM, Ian Hayes <cthulhucalling@...il.com> wrote:
> On Fri, Nov 11, 2011 at 3:13 PM, xD 0x41 <secn3t@...il.com> wrote
> > anyhow... it doesnty take, 49days, atall..
> > and, yes, indeed, will be one good packet, if the packet , has the
> > right SQN + Ack number.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> We are discussing UDP, as per the MS advisory, yes?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists