Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-10-05 Thread laurent gaffie
More explication on cve-2009-3103 http://g-laurent.blogspot.com/2009/10/more-explication-on-cve-2009-3103.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia -

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux
It's fun :-) On Mon, September 14, 2009 12:14 pm, D-vice wrote: You wrote an exploit in java *head explodes* On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux ra...@procyonlabs.comwrote: After testing my version of the exploit (using Java instead of Python) I tried it against a

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread D-vice
You wrote an exploit in java *head explodes* On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux ra...@procyonlabs.comwrote: After testing my version of the exploit (using Java instead of Python) I tried it against a Windows Server 2008 R2 installation - it went down.

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread r1d1nd1rty
Oh WOW! More exploit code ported to Java!! Hello Randy, Not everyone would have gone to all the trouble you did for me and I want you to know how much I appreciate it. It seems that you are always going above and beyond the call of duty. No wonder so many people are happy and proud to call

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread Randal T. Rioux
Scratch that - the version of 2008 I had wasn't an official R2 release. So original reports still hold. It didn't crash my R2 build 7600. Laurent, et al, has this been tried against an Itanium machine? Just curious. Nobody at work will let me test the exploit against their Itanium servers. Randy

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-13 Thread Randal T. Rioux
After testing my version of the exploit (using Java instead of Python) I tried it against a Windows Server 2008 R2 installation - it went down. http://www.procyonlabs.com/software/smb2_bsoder Randy laurent gaffie wrote: Advisory updated : = -

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-11 Thread laurent gaffie
Advisory updated : = - Release date: September 7th, 2009 - Discovered by: Laurent GaffiƩ - Severity: High = I. VULNERABILITY - Windows Vista, Server 2008 R2, 7 RC : SMB2.0 NEGOTIATE

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-10 Thread Mitch Oliver
I. VULNERABILITY - - Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. This does not appear to apply to the version of Windows 7 released to manufacture. It does, however, apply to all beta versions and Windows 2008.

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-09 Thread randomguy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How come all I hear about is n3td3v, and I see noone crying out lout about this : http://www.reversemode.com/index.php?option=com_mamblogItemid=15ta sk=showaction=viewid=64Itemid=15 is fd all 'bout trolls nao? - --

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-09 Thread James Matthews
So Msoft! why can't they just stop reintroducing bugs? On Wed, Sep 9, 2009 at 11:04 AM, random...@hushmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How come all I hear about is n3td3v, and I see noone crying out lout about this :

[Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-07 Thread laurent gaffie
= - Release date: September 7th, 2009 - Discovered by: Laurent GaffiƩ - Severity: Medium/High = I. VULNERABILITY - Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.