Windows 7 / Server 2008R2 Remote Kernel Crash
This bug is a real proof that SDL #_FAIL_
The bug triggers an infinite loop on smb{1,2}, pre-auth, no credentials needed...
Can even be triggered outside the LAN via (IE*, over layer 5..)
The bug is sooooo noob, it should have been spotted 2 years ago by the SDL if the SDL would have ever existed:
netbios_header = struct.pack(">i", len(''.join(SMB_packet)))+SMB_packet
(The netbios header provides the length of the incoming smb{1,2} packet)
If netbios_header is 4 bytes smaller or more than SMB_packet, it just blows!
WHAAAAAAAAT ?? you gotta be kidding me where's my SDL ???
Yeah scary shit.
"Most secure Os ever";
Oh yeah, whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting nbns tricks (no user interaction)
How's that funny.
Here's the Advisory: http://g-laurent.blogspot.com
Check also: Windows 7 / Windows Server 2008 R2 Remote SMB Exploit
Metasploit now has PoC modules for Laurent Gaffie's new SMB2 bug as well as MS09-065
andry- Moderator
- Posts : 467
Join date : 2010-05-07
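A defender's view of the length condition described in the post, as an added example that is not part of the original post or the advisory: a check that compares the length declared in the 4-byte header with the SMB bytes actually present and reports any mismatch. The function names, the direct-TCP (port 445) framing assumption and the sample frames are constructed for illustration.

```python
import struct

SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")  # SMB1 / SMB2 protocol identifiers


def check_frame(buf: bytes) -> dict:
    """Compare the header's declared length with the SMB bytes actually present.

    Assumption: buf is everything the client sent for one message on a
    reassembled TCP/445 stream (1 zero byte + 24-bit big-endian length).
    """
    if len(buf) < 8:
        return {"verdict": "too_short"}
    if buf[0] != 0x00 or buf[4:8] not in SMB_MAGICS:
        return {"verdict": "not_smb"}
    declared = struct.unpack(">I", buf[:4])[0]  # top byte is 0, so this is the 24-bit length
    actual = len(buf) - 4
    delta = declared - actual  # > 0: header overstates, < 0: header understates
    verdict = "ok" if delta == 0 else "length_mismatch"
    return {"verdict": verdict, "declared": declared, "actual": actual, "delta": delta}


def build_samples() -> dict:
    """Constructed sample frames: dummy payloads, not real SMB requests."""
    payload = b"\xfeSMB" + bytes(60)  # placeholder body, 64 bytes
    header = struct.pack(">I", len(payload))  # same length-prefix idea as the post's line
    return {
        "consistent": header + payload,
        "header_overstates": header + payload[:-4],         # 4 bytes fewer than declared
        "header_understates": header + payload + bytes(4),  # 4 bytes more than declared
        "other_traffic": b"GET / HTTP/1.1\r\n\r\n",
    }


if __name__ == "__main__":
    for name, frame in build_samples().items():
        print(name, check_frame(frame))
```

On a live stream a shortfall can also be a message that is still arriving, so a sensor would apply this only after the connection has gone idle.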