Text 5232, 237 lines
Written 2005-06-20 21:05:06 by Rich (1:379/45)
Comment on text 5227 by Mike '/m' (1:379/45)
Subject: Re: Microsoft meets the hackers
=======================================
From: "Rich" <@>
And this is what the reporter claimed. Maybe you would not report
what was reported to you. We likely will never know. All we know today is
that you are willing to make all sorts of claims about something you know
nothing about trying to refute the statements of someone with very good
knowledge of the issue. It's not like you will be any less clueless by
repeating yourself over and over. Is this how you feel better about
yourself?
Rich
"Mike '/m'" <mike@barkto.com> wrote in message news:buveb1lm4bkds04ndd83g288f8ti81v4dc@4ax.com...
I am not talking about what the reporter wrote, I am talking about what
the Microsoft security bulletin says in the Technical Details section.
===
The first vulnerability is a buffer overrun vulnerability. There is an
unchecked buffer in one of the components that handle NOTIFY directives
- messages that advertise the availability of UPnP-capable devices on
the network. By sending a specially malformed NOTIFY directive, it would
be possible for an attacker to cause code to run in the context of the
UPnP subsystem, which runs with System privileges on Windows XP. (On
Windows 98 and Windows ME, all code executes as part of the operating
system). This would enable the attacker to gain complete control over
the system.
===
"There is an unchecked buffer". Man, that sounds rather specific to
me.
/m
On Mon, 20 Jun 2005 19:44:07 -0700, "Rich" <@> wrote:
> That and of course that bulletins rarely if ever mention this level of
> detail. Unchecked buffers are one of the few exceptions and that I
> already explained. The reporter claimed he could overflow a buffer though
> did not, and has not since that I can see, given any evidence of this. My
> speculation is that better err on the side of caution.
>
>Rich
>
> "Rich" <@> wrote in message news:42b77b11$1@w3.nls.net...
> Not odd. I didn't analyze it until after I saw the public bulletin
> release and what the reporter claims in his PR was the scenario that
> generated overflows. I don't believe the reporter understands what he saw or
> if he did he kept that out of his PR and anything else I could find, public
> or private, on the topic. Unlike the reporter, I don't issue press releases
> or call reporters with what I find even if it could be embarrassing to him.
> But then I don't have a financial interest in putting others at risk just to
> try to make myself look good.
>
> Rich
>
> "Mike '/m'" <mike@barkto.com> wrote in message news:15seb1pu019glla3ph9mnje9h2rogh4mnh@4ax.com...
> Oddly, I see no mention of a race condition in the official Microsoft
> security bulletin that was originally posted on December 20, 2001 and
> updated on May 09, 2003
> http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
>
> /m
>
>
> On Mon, 20 Jun 2005 08:00:02 -0700, "Rich" <@> wrote:
>
> > A race condition.
> >
> >Rich
> >
> > "Geo" <georger@nls.net> wrote in message news:42b699ed$2@w3.nls.net...
> > Well what was it then?
> >
> > Geo.
> > "Rich" <@> wrote in message news:42b5feb2@w3.nls.net...
> > It is not a buffer overflow. It is not a buffer overrun. Neither.
> >
> > Rich
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)