[ajv@E-SECURE.COM.AU: Re: Remote DoS attack against SSH Secure Shell for Windows Servers Vulnerability]

16 Jul 2001 14:31:44 -0000 

uh... just in case you hadn't seen this.  i'm forwarding it
because i think it might be relevant.

all best,

luke

----- Forwarded message from Andrew van der Stock <[EMAIL PROTECTED]> -----

Delivered-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Approved-By: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Importance: Normal
Date:         Mon, 16 Jul 2001 19:47:56 +1000
From: Andrew van der Stock <[EMAIL PROTECTED]>
Subject:      Re: Remote DoS attack against SSH Secure Shell for Windows
              Servers Vulnerability
To: [EMAIL PROTECTED]
In-Reply-To:  <[EMAIL PROTECTED]>

Almost every program using MS's C Runtime library for select() will suffer
from this problem. This vulnerability is only a problem if it listens on a
port. For example, nslookup.exe from Microsoft uses a whole bunch of CRT
calls, including select(), but doesn't listen on any ports.

Look for programs that use select(), and load msvcrt.dll (or close
relations, and/or statically link with them). The CRT has been known broken
for a long time.

If you port programs from Unix-land, please do yourselves a favor, and
change code that relies heavily on select() or poll() to use native winsock
async I/O. Not only do you get far higher throughput, it's likely that you
will be far more robust.

Andrew

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:[EMAIL PROTECTED] Behalf Of USSR Labs
Sent: Friday, 16 March 2001 05:42
To: [EMAIL PROTECTED]
Subject: Remote DoS attack against SSH Secure Shell for Windows Servers
Vulnerability
Importance: High


[snip]
Topic:              Remote DoS attack against SSH Secure Shell for
Windows Servers Vulnerability

----------------------------------------------------------------------------
Delivery co-sponsored by Trend Micro
============================================================================
TREND MICRO REAL-TIME VIRUS ALERTS
If you would like to know about a virus outbreak before CNN and ZDNet get
Trend Micro Virus Info Feed FREE. Simply copy and paste a small piece of
code to give your visitors a real-time top 10 list and the latest virus
advisories. Setup takes just 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site.
http://www.antivirus.com/banners/tracking.asp?si=8&bi=237&ul=/syndication/
vinfo/
----------------------------------------------------------------------------

----- End forwarded message -----

Reply via email to