Text 5099, 204 lines
Written 2005-06-17 17:51:38 by Rich (1:379/45)
Comment on text 5092 by Mike '/m' (1:379/45)
Subject: Re: Microsoft meets the hackers
=======================================
From: "Rich" <@>
And just like I told you before there is no unchecked buffer. I'm sure had you looked in your own archives you would find this.
Rich
"Mike '/m'" <mike@barkto.com> wrote in message news:n9j6b11g4m7bb9lbap5136j1a5tljkmqnl@4ax.com...
http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
===
Microsoft Security Bulletin MS01-059
Unchecked Buffer in Universal Plug and Play can Lead to System
Compromise
Originally posted: December 20, 2001
...
Technical description:
Universal Plug and Play (UPnP) allows computers to discover and use
network-based devices. Windows ME and XP include native UPnP support;
Windows 98 and 98SE do not include native UPnP support, but it can be
installed via the Internet Connection Sharing client that ships with
Windows XP. This bulletin discusses two vulnerabilities affecting these
UPnP implementations. Although the vulnerabilities are unrelated, both
involve how UPnP-capable computers handle the discovery of new devices
on the network.
The first vulnerability is a buffer overrun vulnerability. There is an
unchecked buffer in one of the components that handle NOTIFY directives
- messages that advertise the availability of UPnP-capable devices on
the network. By sending a specially malformed NOTIFY directive, it would
be possible for an attacker to cause code to run in the context of the
UPnP subsystem, which runs with System privileges on Windows XP. (On
Windows 98 and Windows ME, all code executes as part of the operating
system). This would enable the attacker to gain complete control over
the system.
...
===
/m
On Fri, 17 Jun 2005 14:27:28 -0700, "Rich" <@> wrote:
> Which was not a buffer overflow. You have been told this before.
>
>Rich
>
> "Mike '/m'" <mike@barkto.com> wrote in message news:fse6b1hq91083dl0nv5ve3nbe4ck6haqja@4ax.com...
>
> There was a buffer overflow 'sploit shortly after he made that
> statement. I think it was the uPnP one.
>
> /m
>
>
> On Thu, 16 Jun 2005 19:23:25 -0400, "Tony Ingenoso" <admin@spamcop.net>
> wrote:
>
> >Until the typical code entropy introduced during maintenance reintroduces
> >them ;->
> >
> >"Mike '/m'" <mike@barkto.com> wrote in message
> >news:vpr3b1943ampop1kdvq9girj29k27pajqs@4ax.com...
> >>
> >> Microsoft has said it has stamped out buffer overflows with the upcoming
> >> release of Windows XP. Jim Allchin, vice president, claimed the company
> >> has done a complete code review of its operating system and removed all
> >> buffers which could overflow....
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)