uh... just in case you hadn't seen this. i'm forwarding it because i think it might be relevant.
all best, luke ----- Forwarded message from Andrew van der Stock <[EMAIL PROTECTED]> ----- Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Approved-By: [EMAIL PROTECTED] X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Importance: Normal Date: Mon, 16 Jul 2001 19:47:56 +1000 From: Andrew van der Stock <[EMAIL PROTECTED]> Subject: Re: Remote DoS attack against SSH Secure Shell for Windows Servers Vulnerability To: [EMAIL PROTECTED] In-Reply-To: <[EMAIL PROTECTED]> Almost every program using MS's C Runtime library for select() will suffer from this problem. This vulnerability is only a problem if it listens on a port. For example, nslookup.exe from Microsoft uses a whole bunch of CRT calls, including select(), but doesn't listen on any ports. Look for programs that use select(), and load msvcrt.dll (or close relations, and/or statically link with them). The CRT has been known broken for a long time. If you port programs from Unix-land, please do yourselves a favor, and change code that relies heavily on select() or poll() to use native winsock async I/O. Not only do you get far higher throughput, it's likely that you will be far more robust. Andrew -----Original Message----- From: Windows NTBugtraq Mailing List [mailto:[EMAIL PROTECTED] Behalf Of USSR Labs Sent: Friday, 16 March 2001 05:42 To: [EMAIL PROTECTED] Subject: Remote DoS attack against SSH Secure Shell for Windows Servers Vulnerability Importance: High [snip] Topic: Remote DoS attack against SSH Secure Shell for Windows Servers Vulnerability ---------------------------------------------------------------------------- Delivery co-sponsored by Trend Micro ============================================================================ TREND MICRO REAL-TIME VIRUS ALERTS If you would like to know about a virus outbreak before CNN and ZDNet get Trend Micro Virus Info Feed FREE. Simply copy and paste a small piece of code to give your visitors a real-time top 10 list and the latest virus advisories. Setup takes just 10 minutes and requires no server-side code on your Web site. All content is updated automatically from Trend Micro's Web site. http://www.antivirus.com/banners/tracking.asp?si=8&bi=237&ul=/syndication/ vinfo/ ---------------------------------------------------------------------------- ----- End forwarded message -----