
VISTA TCP/IP stack buffer overflow


Peter Köhlmann

Nov 23, 2008, 11:54:25 AM
http://www.securityfocus.com/archive/1/498471

Well, they obviously have rewritten their stack here.
After all, who wants old bugs? *New* bugs are what the world needs
--
Warning: 10 days have passed since your last Windows reinstall.

7

Nov 23, 2008, 12:40:27 PM
Peter Köhlmann wrote:

> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs


Serves them right for being BSD Pirates ;)

DFS

Nov 23, 2008, 12:48:06 PM
Peter Köhlmann wrote:
> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs

Which is why the Linux/OSS "community" is busy releasing new distros every
day.


Cork Soaker

Nov 23, 2008, 1:07:24 PM
Peter Köhlmann wrote:
> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs


Which Linux distro are you advocating here?

Chris Ahlstrom

Nov 23, 2008, 1:40:10 PM
After takin' a swig o' grog, Peter Köhlmann belched out
this bit o' wisdom:

> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs

This issue did not occur on Windows XP.

Installation of Service Pack 1 and/or security updates had no effect in
regard to resolving the random crashes.

To execute either the sample program or the route-add command, the user
has to be member of the Network Configuration Operators group or the
Administrators group.

Since this buffer overflow overwrites kernel memory, it could be possible
that members of the Network Configuration Operator group exploit this and
take control over the operating system without any restriction.

Not much impact, though:

Impact
-----------------------------
1. When adding a route entry to the IPv4 routing table using the method
CreateIpForwardEntry2 and passing an illegal value greater than 32 [2]
for the destination PrefixLength member in the DestinationPrefix
structure contained in the MIB_IPFORWARD_ROW2 structure [3], kernel
space memory is being corrupted resulting in random blue screen
crashes. ...

In other words, a SNAFU <chuckle>.

This impact is worse, though:

2. In addition we were able to reproduce this issue without the sample
program, using the built-in "route add" command. It seems the "route-add"
uses the same method as our sample program, hence creates the same buffer
overflow when calling it with an illegal value for the network mask. The
syntax we used in the command line is as follows:

route add 1.2.3.4/240 4.3.2.1

This buffer overflow could be exploited to inject code, hence
compromising client security.

Ay yi yi.

What does that command do on Linux?

# route add 1.2.3.4/240 4.3.2.1
route: netmask 0000ffff doesn't make sense with host route
Usage: route [-nNvee] [-FC] [<AF>] List kernel routing tables
. . .


--
<rebelpacket> hey, quick question, is there any way to speed up the
performance of uquake-x11?
<Deek> rebelpacket: If you want to accelerate it, throw it harder.
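As an added defender's-side illustration (not code from the advisory, from Microsoft, or from anyone in this thread), here is the kind of bounds check the advisory says was missing: a `host/prefix` argument of the form `route add` takes is parsed and any prefix length wider than the address is refused before it can be used as a bit count. The function names, the prefix-length constants and the 64-byte scratch buffer are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A destination prefix length can never exceed the address width; the
 * advisory's point is that 240 has to be rejected before it is used as a
 * bit count. Constructed bounds, not Windows' own definitions. */
#define IPV4_MAX_PREFIX 32
#define IPV6_MAX_PREFIX 128

/* True when prefix_len is usable for an address that is family_bits wide. */
bool prefix_length_is_valid(int family_bits, long prefix_len)
{
    return prefix_len >= 0 && prefix_len <= family_bits;
}

/* Netmask for an already-validated IPv4 prefix (0..32). Zero is handled
 * separately so a 32-bit value is never shifted by 32 (undefined in C). */
uint32_t ipv4_mask_from_prefix(unsigned prefix_len)
{
    return prefix_len == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix_len);
}

/* Parse "a.b.c.d/len", the form used in `route add 1.2.3.4/240 4.3.2.1`.
 * Returns 0 and fills *addr and *mask (host byte order) on success, or -1
 * when the text is malformed or the prefix length is out of range. */
int parse_ipv4_cidr(const char *text, uint32_t *addr, uint32_t *mask)
{
    char buf[64], *slash, *end;
    unsigned a, b, c, d;
    int consumed = 0;
    if (strlen(text) >= sizeof buf)
        return -1;
    strcpy(buf, text);
    if ((slash = strchr(buf, '/')) == NULL)
        return -1;
    *slash = '\0';
    if (sscanf(buf, "%u.%u.%u.%u%n", &a, &b, &c, &d, &consumed) != 4
        || buf[consumed] != '\0' || a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    long prefix = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0')
        return -1;
    /* The check the advisory describes as missing: /240 stops here. */
    if (!prefix_length_is_valid(IPV4_MAX_PREFIX, prefix))
        return -1;
    *addr = (a << 24) | (b << 16) | (c << 8) | d;
    *mask = ipv4_mask_from_prefix((unsigned)prefix);
    return 0;
}

/* Convenience wrapper: the mask as a non-negative value, or -1 if rejected. */
int64_t ipv4_cidr_mask(const char *text)
{
    uint32_t addr, mask;
    return parse_ipv4_cidr(text, &addr, &mask) == 0 ? (int64_t)mask : -1;
}
```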

Tony Manco

Nov 23, 2008, 3:55:56 PM
Peter Köhlmann wrote:
> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs

And what is the best part?

#########

===================================
Kernel vulnerability found in Vista
===================================

"A flaw in Vista's networking has been found that can crash the system,
*but no fix is expected until the next service pack*"

http://news.cnet.com/8301-1009_3-10106173-83.html

#########

Haaa, wonderful...
--
Firefox 3.0.4 .::. Thunderbird: 2.0.0.17.::. Ubuntu 8.10

Clogwog

Nov 23, 2008, 4:30:45 PM
"Tony Manco" <trmanco...@sapo.pt> wrote in message
news:ggcg0s$aab$1...@news.motzarella.org...

> Peter Köhlmann wrote:
>> http://www.securityfocus.com/archive/1/498471
>>
>> Well, they obviously have rewritten their stack here.
>> After all, who wants old bugs? *New* bugs are what the world needs
>
> And what is the best part?

That it took 4 months to fix this!
http://www.securityfocus.com/bid/30126
LMFAO @ you!

Jerry McBride

Nov 23, 2008, 4:24:05 PM
Peter Köhlmann wrote:

> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs

How quaint... Thanks MicroSoft...

--

*****************************************************************************

From the desk of:
Jerome D. McBride

16:23:38 up 1 day, 5:14, 3 users, load average: 0.03, 0.06, 0.01

*****************************************************************************

Tony Manco

Nov 23, 2008, 4:46:39 PM
Clogwog wrote:
> LMFAO @ you!

How about 7 years...

http://www.securityfocus.com/archive/1/319133

"Also found and demonstrated by dildog at defcon 3 years ago. So don't
hold your breath waiting for that patch."

LMFAO @ you!

Homer

Nov 23, 2008, 4:48:40 PM
Verily I say unto thee, that 7 spake thusly:

Serves BSD developers right for using such a lax license.

OTOH it wasn't they who screwed up the Vole's fork. Perhaps Microsoft
would be better switching back to the current upstream version. In fact
they should probably do that with their whole networking stack, since
they clearly don't have the first clue about networking at all.

--
K.
http://slated.org

.----
| "At the time, I thought C was the most elegant language and Java
| the most practical one. That point of view lasted for maybe two
| weeks after initial exposure to Lisp." ~ Constantine Vetoshev
`----

Fedora release 8 (Werewolf) on sky, running kernel 2.6.25.11-60.fc8
21:48:14 up 18 days, 5:31, 4 users, load average: 0.02, 0.12, 0.15

Hadron

Nov 23, 2008, 4:52:43 PM
Jerry McBride <jmcb...@mail-on.us> writes:

> Peter Köhlmann wrote:
>
>> http://www.securityfocus.com/archive/1/498471
>>
>> Well, they obviously have rewritten their stack here.
>> After all, who wants old bugs? *New* bugs are what the world needs
>
> How quaint... Thanks MicroSoft...

Maybe you should switch to Linux? Just make sure your ssh keys are not
compromised ....

http://it.slashdot.org/article.pl?sid=08/05/13/1533212&from=rss

It was there for 2 years, leaving "Debian server" totally open to anyone
who could be bothered to hack in if they had sshd running.

--
"Of course, by the time Gnash gets its act together, we'll
probably all have to start all over again with Silverlight
(or Moonlight)."
-- The Ghost In The Machine <ew...@sirius.tg00suus7038.net> in comp.os.linux.advocacy


Peter Köhlmann

Nov 23, 2008, 5:09:31 PM
Hadron wrote:

> Jerry McBride <jmcb...@mail-on.us> writes:
>
>> Peter Köhlmann wrote:
>>
>>> http://www.securityfocus.com/archive/1/498471
>>>
>>> Well, they obviously have rewritten their stack here.
>>> After all, who wants old bugs? *New* bugs are what the world needs
>>
>> How quaint... Thanks MicroSoft...
>
> Maybe you should switch to Linux? Just make sure your ssh keys are not
> compromised ....
>
> http://it.slashdot.org/article.pl?sid=08/05/13/1533212&from=rss
>
> It was there for 2 years, leaving "Debian server" totally open to anyone
> who could be bothered to hack in if they had sshd running.
>

Oh, looky looky: Hadron Quark, the "true linux advocate", deflecting a really
bad Windows bug by pointing to a Debian bug *and* implying it is a "linux
bug". In the vain hope that somehow, magically, this Windows bug might look
somewhat less bad.

Pray tell, liar Hadron Quark, which *other* distros had this bug? Be
precise. While you're at it, explain why Debian, your "distro of choice"
(if one is dumb enough to believe your claims), had this bug and no other
distro had. Might it have to do with a really idiotic decision on the part
of the debian maintainers?

So, why exactly is this a "linux bug", "kernel hacker" Hadron Quark?
--
You're genuinely bogus.

7

Nov 23, 2008, 6:19:33 PM
Micoshaft asstroturfing fraudster pounding the sock Black Dragon
wrote on behalf of Half Wits from Micoshaft Department of Marketing:

> 7 wrote:
>
>> BSD Pirates ;)
>
> Idiot.


BWAHAHAHAHAHAHAHAHAAAA!!!

You knowledge-challenged idiot and fool!


Tim Smith

Nov 23, 2008, 7:31:19 PM
In article <49298ac1$0$31333$9b4e...@newsspool4.arcor-online.net>,
Peter Kohlmann <peter.k...@arcor.de> wrote:

> http://www.securityfocus.com/archive/1/498471
>
> Well, they obviously have rewritten their stack here.
> After all, who wants old bugs? *New* bugs are what the world needs

You know better than this, Peter. By COLA standards, this doesn't count
as a serious bug, since it appears to only allow a local, privileged
user to either DoS himself, or escalate privileges.

At least, that's the story when such bugs are found in Linux (which
happens several times a year for the kernel, and several times a month
if you include libraries and applications).

--
--Tim Smith

Peter Köhlmann

Nov 24, 2008, 2:15:25 AM
Tim Smith wrote:

It does not matter if it is local or remote.
What *does* matter, though, is that those incompetent monkeys at MS failed to do
even so much as a cursory check on values.
How much more of such time-bombs did they hide in their shiny all new Vista?
--
Another name for a Windows tutorial is crash course

Tim Smith

Nov 24, 2008, 4:16:40 AM
In article <492a548d$0$31342$9b4e...@newsspool4.arcor-online.net>,

Peter Kohlmann <peter.k...@arcor.de> wrote:
> It does not matter if it is local or remote.
> What *does* matter, though, is that those incompetent monkeys at MS failed to do
> even so much as a cursory check on values.
> How much more of such time-bombs did they hide in their shiny all new Vista?

How is this different from when Linux kernel coders fail to check
values? E.g.,

<http://secunia.com/advisories/31509/>

which was a failure to sanitize user-supplied values before using them
as sizes for memory allocation.

--
--Tim Smith

Clogwog

Nov 24, 2008, 4:45:42 AM
"Tony Manco" <trmanco...@sapo.pt> wrote in message
news:ggcj00$efh$1...@news.motzarella.org...

> Clogwog wrote:
>> LMFAO @ you!
>
> How about 7 years...
>
> http://www.securityfocus.com/archive/1/319133
>
> "Also found and demonstrated by dildog at defcon 3 years ago. So don't
> hold your breath waiting for that patch."

Ha, ha! What about all those undiscovered exploits in Linux? Linux is
crashing constantly, take a look at DFS's posts.
http://ecos.sourceware.org/docs-latest/ref/devs-eth-synth-ecosynth.html
"Also, as with any suid root programs there may be as yet undiscovered
exploits"
You COLA liars always tell us that Linux is more secure than Windows, so
please explain why Linux & Windows have the same EAL 4+ rating?
http://www.integrityglobalsecurity.com/pages/learnCommon.html

LMFAO @ you!

Hadron

Nov 24, 2008, 6:42:58 AM
Tim Smith <reply_i...@mouse-potato.com> writes:

No, no. Linux is not spelt "W-I-N-D-O-W-S", so that doesn't count.

--
"I program Windows systems yes. But I am not a Windows user."
Peter Koehlmann, COLA.


chrisv

Nov 24, 2008, 8:53:36 AM
Peter Köhlmann wrote:

>Hadron quacked:


>>
>> Maybe you should switch to Linux? Just make sure your ssh keys are not
>> compromised ....
>

>Oh, looky looky: Hadron Quark, the "true linux advocate", deflecting a really
>bad Windows bug by pointing to a Debian bug *and* implying it is a "linux
>bug". In the vain hope that somehow, magically, this Windows bug might look
>somewhat less bad.

What an *asshole*, Quack is.

Tony Manco

Nov 24, 2008, 10:06:24 AM
Clogwog wrote:
> Linux is crashing constantly, take a look at DFS's posts.

Oh really, if "Linux" is crashing constantly why is Google still online?

> http://ecos.sourceware.org/docs-latest/ref/devs-eth-synth-ecosynth.html
> "Also, as with any suid root programs there may be as yet undiscovered
> exploits"

How about in Windows, do you know how many undiscovered exploits there are?

chrisv

Nov 24, 2008, 10:55:28 AM
Tony Manco wrote:

>> Linux is crashing constantly, take a look at DFS's posts.
>
>Oh really, if "Linux" is crashing constantly why is Google still online?

FFS, is that really worth responding to? "Look at DFS's posts"?
Sheesh.

Tony Manco

Nov 24, 2008, 11:10:52 AM
chrisv wrote:
> FFS, is that really worth responding to? "Look at DFS's posts"?
> Sheesh.

ok I'll stop...

Kelsey Bjarnason

Nov 24, 2008, 12:59:18 PM
On Mon, 24 Nov 2008 11:46:32 +0000, Black Dragon wrote:

> "BSD Pirates" implies BSD licensed software was stolen. So tell us
> (tinu) oh monument to Linux Advocacy, how exactly does one "steal"
> something that is given away for free?


Wasn't that the whole foundation of the SCO suit? :)

Cork Soaker

Nov 24, 2008, 12:37:54 PM

Hahaha. That's what I thought.

Results 1 - 10 of about 355,000 for windows crashing constantly
http://www.google.co.uk/search?q=windows+crashing+constantly&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-GB:unofficial&client=firefox-a

Cork Soaker

Nov 24, 2008, 12:39:27 PM
Hadron wrote:
> Jerry McBride <jmcb...@mail-on.us> writes:
>
>> Peter Köhlmann wrote:
>>
>>> http://www.securityfocus.com/archive/1/498471
>>>
>>> Well, they obviously have rewritten their stack here.
>>> After all, who wants old bugs? *New* bugs are what the world needs
>> How quaint... Thanks MicroSoft...
>
> Maybe you should switch to Linux? Just make sure your ssh keys are not
> compromised ....
>
> http://it.slashdot.org/article.pl?sid=08/05/13/1533212&from=rss
>
> It was there for 2 years, leaving "Debian server" totally open to anyone
> who could be bothered to hack in if they had sshd running.
>


You think that two years is longer than seven years and counting?

Hardon, you mucky fucking liar!

Cork Soaker

Nov 24, 2008, 12:40:30 PM
Hadron wrote:
> Tim Smith <reply_i...@mouse-potato.com> writes:
>
>> In article <492a548d$0$31342$9b4e...@newsspool4.arcor-online.net>,
>> Peter Kohlmann <peter.k...@arcor.de> wrote:
>>> It does not matter if it is local or remote.
>>> What *does* matter, though, is that those incompetent monkeys at MS failed to do
>>> even so much as a cursory check on values.
>>> How much more of such time-bombs did they hide in their shiny all new Vista?
>> How is this different from when Linux kernel coders fail to check
>> values? E.g.,
>>
>> <http://secunia.com/advisories/31509/>
>>
>> which was a failure to sanitize user-supplied values before using them
>> as sizes for memory allocation.
>
> No, no. Linux is not spelt "W-I-N-D-O-W-S", so that doesn't count.
>

Hardon is such an idiot, he didn't understand a word you just said!


7

Nov 24, 2008, 2:16:29 PM
Black Dragon wrote:

> "BSD Pirates" implies BSD licensed software was stolen. So tell us
> (tinu) oh monument to Linux Advocacy, how exactly does one "steal"
> something that is given away for free?


Is that so oh clueless one?!!!!

Now that you explained what a "BSD Pirate" is,
what do you think a "BSD Pirate ;)" is ?


<crickets!>


<crickets!>


<crickets!>

Clogwog

Nov 25, 2008, 3:48:42 PM
"Tony Manco" <trmanco...@sapo.pt> wrote in message
news:ggefth$n7q$1...@news.motzarella.org...

> Clogwog wrote:
>> Linux is crashing constantly, take a look at DFS's posts.
>
> Oh really, if "Linux" is crashing constantly why is Google still online?
>
>> http://ecos.sourceware.org/docs-latest/ref/devs-eth-synth-ecosynth.html
>> "Also, as with any suid root programs there may be as yet undiscovered
>> exploits"
>
> How about in Windows, do you know how many undiscovered exploits there
> are?

1) Windows is *the* target for finding new exploits, because 92% of desktop
users are Windows users.
2) They are patched faster than in any other OS!
http://www.cio.de/news/cio_worldnews/838396/
Windows Vista deserved an A+ security report card
http://computerworld.co.nz/news.nsf/scrt/2E0A8EE86BB7DC97CC25730100196756
B.t.w., the remaining question you snipped still stands, no second prizes! So I win
==> you lose!

Paul Hovnanian P.E.

Nov 26, 2008, 12:15:58 AM
7 wrote:
>
> Peter Köhlmann wrote:
>
> > http://www.securityfocus.com/archive/1/498471
> >
> > Well, they obviously have rewritten their stack here.
> > After all, who wants old bugs? *New* bugs are what the world needs
>
> Serves them right for being BSD Pirates ;)

Except BSD doesn't seem to suffer from the same woes. If Microsoft
borrowed the BSD TCP stack, what exactly were they doing with it that
resulted in them buggering it up? And why?

--
Paul Hovnanian mailto:Pa...@Hovnanian.com
------------------------------------------------------------------
Opinions stated herein are the sole property of the author. Standard
disclaimers apply. Celebrity voice impersonated. Batteries not included.
Limit one to a customer. Best if used by April 1, 2009. Refrigerate
after opening. Void if removed.

Sinister Midget

Nov 26, 2008, 12:09:41 AM
On 2008-11-26, Paul Hovnanian P.E. <pa...@hovnanian.com> claimed:

> Except BSD doesn't seem to suffer from the same woes. If Microsoft
> borrowed the BSD TCP stack, what exactly were they doing with it that
> resulted in them buggering it up?

Rewriting it to fit the Vista security model.

> And why?

To make it as secure as all of the rest of Windows.

--
In the fight between you and the world, back the world.
-- Frank Zappa

alt

Nov 26, 2008, 11:53:16 PM
On Tue, 25 Nov 2008 21:15:58 -0800, Paul Hovnanian P.E. wrote:

> 7 wrote:
>>
>> Peter Köhlmann wrote:
>>
>> > http://www.securityfocus.com/archive/1/498471
>> >
>> > Well, they obviously have rewritten their stack here. After all, who
>> > wants old bugs? *New* bugs are what the world needs
>>
>> Serves them right for being BSD Pirates ;)
>
> Except BSD doesn't seem to suffer from the same woes. If Microsoft
> borrowed the BSD TCP stack, what exactly were they doing with it that
> resulted in them buggering it up? And why?

They were "extending" it.

ml2mst

Nov 27, 2008, 1:20:10 AM

Funny thing is that their implementation of TCP does not send RST (Reset)
packets, which makes FIN, X-MAS and NULL scans useless.

The issue is covered on pages 184-187 of this little gem:

http://en.wikipedia.org/wiki/index.html?curid=2379185

And I just became aware that there is a 2nd edition:

http://www.nostarch.com/hacking2.htm

Yeeeha ;-)

Fortunately I don't know what else they did with their implementation...

Cheers

--
|_|0|_| Marti T. van Lin
|_|_|0| http://ml2mst.googlepages.com
|0|0|0| http://osgeex.blogspot.com
