Re: [Full-disclosure] Microsoft Windows TCP/IP Timestamps Code Execution Vulnerability
- To: Ivan Security <ivanchukl@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft Windows TCP/IP Timestamps Code Execution Vulnerability
- From: Fernando Gont <fernando.gont@xxxxxxxxx>
- Date: Fri, 27 Nov 2009 20:27:07 -0300
On Fri, Nov 27, 2009 at 1:59 AM, Ivan Security <ivanchukl@xxxxxxxxx> wrote:
> Has anyone more details about this vulnerability? The advisory just says:
> "The vulnerability exists due to the TCP/IP stack not cleaning up state
> information correctly. This causes the TCP/IP stack to reference a field as
> a function pointer when it actually contains other information"
> I'd like to know a bit more in order to test it and do some research.
This certainly looks like an implementation bug. Nevertheless, when it
comes to protocol or "design" vulnerabilities, you might want to use
this document as a reference:
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
Feedback is always welcome.
Kind regards,
Fernando
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/