Text 5134, 214 lines
Written 2005-06-18 10:22:08 by Rich (1:379/45)
Comment on text 5122 by Mike '/m' (1:379/45)
Subject: Re: Microsoft meets the hackers
=======================================
From: "Rich" <@>
Yet it is still true.
Rich
"Mike '/m'" <mike@barkto.com> wrote in message news:9i08b197n2mtu7def5dhvqglt015iun83u@4ax.com...
Just because you told me before that there was no unchecked buffer does
not mean what you told me is true.
/m
On Fri, 17 Jun 2005 17:51:39 -0700, "Rich" <@> wrote:
> And just like I told you before there is no unchecked buffer. I'm sure had you looked in your own archives you would find this.
>
>Rich
>
> "Mike '/m'" <mike@barkto.com> wrote in message news:n9j6b11g4m7bb9lbap5136j1a5tljkmqnl@4ax.com...
>
> http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
>
> ===
> Microsoft Security Bulletin MS01-059
> Unchecked Buffer in Universal Plug and Play can Lead to System
> Compromise
>
> Originally posted: December 20, 2001
>
> ...
> Technical description:
>
> Universal Plug and Play (UPnP) allows computers to discover and use
> network-based devices. Windows ME and XP include native UPnP support;
> Windows 98 and 98SE do not include native UPnP support, but it can be
> installed via the Internet Connection Sharing client that ships with
> Windows XP. This bulletin discusses two vulnerabilities affecting these
> UPnP implementations. Although the vulnerabilities are unrelated, both
> involve how UPnP-capable computers handle the discovery of new devices
> on the network.
>
> The first vulnerability is a buffer overrun vulnerability. There is an
> unchecked buffer in one of the components that handle NOTIFY directives
> - messages that advertise the availability of UPnP-capable devices on
> the network. By sending a specially malformed NOTIFY directive, it would
> be possible for an attacker to cause code to run in the context of the
> UPnP subsystem, which runs with System privileges on Windows XP. (On
> Windows 98 and Windows ME, all code executes as part of the operating
> system). This would enable the attacker to gain complete control over
> the system.
> ...
> ===
>
> /m
>
>
>
>
>
> On Fri, 17 Jun 2005 14:27:28 -0700, "Rich" <@> wrote:
>
> > Which was not a buffer overflow. You have been told this before.
> >
> >Rich
> >
> > "Mike '/m'" <mike@barkto.com> wrote in message news:fse6b1hq91083dl0nv5ve3nbe4ck6haqja@4ax.com...
> >
> > There was a buffer overflow 'sploit shortly after he made that
> > statement. I think it was the uPnP one.
> >
> > /m
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)