» »

Say, that's a nice bug MSFT...

Say, that's a nice bug MSFT...

denial ::

"The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system." (Vir: KLIK)

SELECT finger FROM hand WHERE id=3;
  • spremenil: denial ()

jype ::

Oh, dear...

Če zdej rečem "še dobr, da je Linux firewall pred strežniki" boš pa nalimal isto stvar še za Linux :|

denial ::

Assessing the exploitability of MS11-083: KLIK.

MSFT pravi, da ni panike. Note the words like specific scenario and theoretically lead to RCE.
SELECT finger FROM hand WHERE id=3;

Zgodovina sprememb…

  • spremenil: denial ()

RejZoR ::

Take zadeve so pomoje samo za targeted napade, ker dvomim, da bi se kdo šel ubadat s tako specifiko na splošni nivo naključnih online sistemov. Mislim, preveč truda, za nezagotovljen uspeh...
Angry Sheep Blog @ www.rejzor.com

fiction ::

"Chuck Norris can exploit sockets that aren't even listening" LOL

In kaj točno rabi OS vedeti v zvezi z zaprtim UDP portom? Me skrbi, da si zadeva ne alocira do 65k čudnih struktur...

RejZoR: Ne vem no, pomoje je tvoj argument bolj "downplaying". "Theoretic RCE" je IMHO dovolj dober razlog za upgrade. Kako na tisto sproščeno mesto v pomnilniku spraviti kakšno zanimivo stvar, je velik tehnični izziv. Ampak če / ko bo kdo rešil tudi ta problem in postopek zapakiral v exploit (ki ga bo znal pognati povprečen script kiddie), se zna ta bug na veliko izkoriščati, ne glede na to, da mogoče ne bo 100 % reliable.

denial ::

In kaj točno rabi OS vedeti v zvezi z zaprtim UDP portom? Me skrbi, da si zadeva ne alocira do 65k čudnih struktur...

Keep in mind that the only way your networking stack knows to reject packets that are directed towards closed ports is to do some preliminary parsing of those packets, namely allocating some control structures, receiving at least the physical/link layer frame, IP header, and transport layer header, and parsing out the port and destination address. There's plenty of things that can go wrong before the kernel decides "this is for a port that's not open" and drops it, which appears to be what happened here. -- quoted from the post on FD

Another workaround:
Since MS11-083 is only exploitable on closed UDP ports, start listening services on all ports to protect yourself. ;)
SELECT finger FROM hand WHERE id=3;

Zgodovina sprememb…

  • spremenil: denial ()

RejZoR ::

Kako pa je če imaš pred sistemov strojni firewall (router)? Se situacija nič ne spremeni? Kako je če imaš porte stealthane (da niso zaprti ampak enostavno ne dajo odgovora, spet delo nekaterih firewallov)?
Angry Sheep Blog @ www.rejzor.com

denial ::

HW FW/NAT/router itak uporablja nek embedded OS tako, da se situacija prav nič ne spremeni. Stealth port pa itak ni nič drugega kot closed port. S to razliko, da stealth port ignorira vse paketke medtem ko se closed port odzove z RST ali ICMP port unreachable.
SELECT finger FROM hand WHERE id=3;

Zgodovina sprememb…

  • spremenil: denial ()

noraguta ::

Pust' ot pobyedy k pobyedye vyedyot!

denial ::

@noraguta
ZDnet == rumenjak za IT folk :) Bolj zanimivo branje: KLIK
SELECT finger FROM hand WHERE id=3;


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Vdor v Ubuntu; kaj naredi Tor?

Oddelek: Loža
314710 (4152) technolog
»

obtožba DoS napada!? (strani: 1 2 )

Oddelek: Informacijska varnost
668874 (5665) treker
»

ProtFtp Passive mode in iptables

Oddelek: Programska oprema
252256 (2078) SasoS
»

Linux & port forwarding

Oddelek: Operacijski sistemi
131199 (1054) Gandalfar
»

Iptables in C&C Generals

Oddelek: Igre
201919 (1688) Tito

Več podobnih tem