[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

To: Tillmann Werner <tillmann.werner@xxxxxx>
Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
From: xD 0x41 <secn3t@xxxxxxxxx>
Date: Fri, 11 Nov 2011 21:41:03 +1100

not my code dude. i just offered it, for anyone who was interested...

again, people bashing the user, who does nothing but inform :s
ghood one.



On 11 November 2011 19:17, Tillmann Werner <tillmann.werner@xxxxxx> wrote:
>>     def callback(self, hdr, data):
>>         # Parse the Ethernet packet
>>         decoder = ImpactDecoder.EthDecoder()
>>         ether = decoder.decode(data)
>>         # Parse the IP packet inside the Ethernet packet, typep
>>         iphdr = ether.child()
>>         udphdr = iphdr.child()
>>
>>         # First check that the packets are not comming from the local host
>>         # Then check that it is a UDP packet (incase you changed the BPF) 
>> also
>>         # Check that the destination port for the packet is a closed
>> port on the host
>>         if (iphdr.get_ip_src() != self.ip):
>>             self.refresh_portlist()
>>             if (iphdr.get_ip_p() == ImpactPacket.UDP.protocol and
>> udphdr.get_uh_dport() not in self.portlist):
>>                 if self.called == 0:
>>                     self.callonce()
>>                 print "Incoming UDP packet from %s"%iphdr.get_ip_src()
>>                 self.dumper.dump(hdr, data)
>>
>>     def refresh_portlist(self):
>>         # bash script to get all the open and listening UDP ports
>>         # used in the callback function as criteria for logging traffic
>>         output = os.popen("./getports.sh")
>>         pl = output.readlines()
>>         self.portlist = []
>>         for p in pl:
>>             self.portlist.append(int(p))
>
> Seriously? popen()ing a bash script that calls netstat and awk twice for
> every packet?
>
> Tillmann
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Henri Salo
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Georgi Guninski
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Darren Martyn
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: xD 0x41
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Georgi Guninski
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Sergito
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: xD 0x41
- Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  - From: Tillmann Werner

Prev by Date: [Full-disclosure] [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities
Next by Date: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Previous by thread: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Next by thread: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Index(es):
- Date
- Thread