Text 5193, 223 lines
Written 2005-06-19 16:28:36 by Rich (1:379/45)
Comment on text 5190 by Geo (1:379/45)
Subject: Re: Microsoft meets the hackers
=======================================
From: "Rich" <@>
It is not a buffer overflow. It is not a buffer overrun. Neither.
Rich
"Geo" <georger@nls.net> wrote in message news:42b5fba2@w3.nls.net...
You are mistaken, the terms overflow and overrun are interchangeable.
See http://www.google.com/search?hl=en&q=buffer+overflow+vs+overrun
Geo.
"Rich" <@> wrote in message news:42b5cf5f@w3.nls.net...
And it's still not a buffer overflow.
Rich
"Geo" <georger@nls.net> wrote in message news:42b5b845$1@w3.nls.net...
"The first vulnerability is a buffer overrun vulnerability. There is an
unchecked buffer in one of the components that handle NOTIFY directives -
messages that advertise the availability of UPnP-capable devices on the
network. By sending a specially malformed NOTIFY directive, it would be
possible for an attacker to cause code to run in the context of the UPnP
subsystem, which runs with System privileges on Windows XP. (On Windows 98
and Windows ME, all code executes as part of the operating system). This
would enable the attacker to gain complete control over the system."
Geo. (that's what I was remembering)
"Mike '/m'" <mike@barkto.com> wrote in message
news:mo08b11ajd3kbsnh983397keg6vkgmh2lv@4ax.com...
>
> Here's the reference on the Microsoft site
> http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
>
> Rich is usually so very good at dredging up all manner of minutiae from
> that site, I wonder why he missed this one? Probably because he uses
> Microsoft search to find them, while I use google for searching.
>
> /m
>
> On Fri, 17 Jun 2005 23:09:37 -0400, "Geo" <georger@nls.net> wrote:
>
> >It wasn't? I thought it was an overly long notification message? Upnp
> >expected a "hi I'm here" but if you sent "hi I'm here and I'd really like
> >you to execute the following code <insert code here>" that it would be more
> >than happy to do as you asked?
> >
> >Geo.
> > "Rich" <@> wrote in message news:42b33fae@w3.nls.net...
> > Which was not a buffer overflow. You have been told this before.
> >
> > Rich
> >
> > "Mike '/m'" <mike@barkto.com> wrote in message
> > news:fse6b1hq91083dl0nv5ve3nbe4ck6haqja@4ax.com...
> >
> > There was a buffer overflow 'sploit shortly after he made that
> > statement. I think it was the uPnP one.
> >
> > /m
> >
>
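The bulletin quoted in the thread describes an unchecked buffer in a component that handles NOTIFY directives. As an added example, not code from this thread or from Microsoft's UPnP subsystem, here is a hypothetical bounded parser for one NOTIFY header line that rejects an over-long value instead of copying it into a fixed-size buffer; the function names and the sample lines are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum parse_result { PARSE_OK = 0, PARSE_NO_MATCH = 1, PARSE_TOO_LONG = 2 };

/* Case-insensitive test that line starts with "name:" (SSDP header names,
 * like HTTP's, are case-insensitive). A NUL in line mismatches and stops. */
static int header_matches(const char *line, const char *name)
{
    size_t i;
    for (i = 0; name[i] != '\0'; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return line[i] == ':';
}

/* Copy the value of header `name` from one NOTIFY line into out[out_len].
 * Hypothetical code, not the Windows UPnP implementation. The defect class the
 * bulletin describes is a copy into a fixed buffer with no length check
 * (strcpy(out, value)); here the length is checked first and an over-long
 * value is rejected instead of being written past the end of out[]. */
enum parse_result parse_header_value(const char *line, const char *name,
                                     char *out, size_t out_len)
{
    const char *value = NULL;
    size_t vlen;
    if (!header_matches(line, name))
        return PARSE_NO_MATCH;
    value = line + strlen(name) + 1;        /* skip "name:" */
    while (*value == ' ' || *value == '\t')
        value++;
    vlen = strcspn(value, "\r\n");          /* value runs to end of line */
    if (vlen >= out_len)                    /* keep room for the terminator */
        return PARSE_TOO_LONG;
    memcpy(out, value, vlen);
    out[vlen] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char nt[64], longline[600];              /* constructed sample input */
    memset(longline, 'A', sizeof longline - 1);
    longline[sizeof longline - 1] = '\0';
    memcpy(longline, "NT: ", 4);
    printf("normal: %d\n", parse_header_value("NT: upnp:rootdevice\r\n", "NT", nt, sizeof nt));
    printf("over-long value: %d\n", parse_header_value(longline, "NT", nt, sizeof nt));
    return 0;
}
```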
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)