
Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service



BTW, your bug is a division by zero and it's here:

Linux/net/ipv4/igmp.c

178 static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
179 {
180         int tv = net_random() % max_delay;  <---  max_delay==0
181
182         im->tm_running = 1;
183         if (!mod_timer(&im->timer, jiffies+tv+2))
184                 atomic_inc(&im->refcnt);
185 }
186
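As an added example (not part of this message and not kernel source), a userspace C model of how a query's Max Resp Code becomes max_delay and reaches the modulo shown above, beside a guarded variant; HZ, IGMP_TIMER_SCALE and the delay derivation are assumed and simplified, and the MRC decoding follows RFC 3376.

```c
/* Added example, not kernel code: model of the attacker-influenced divisor
 * in "net_random() % max_delay" and a guard for it.
 * Assumptions: HZ=100, IGMP_TIMER_SCALE=10, simplified query handling. */
#include <stdio.h>
#include <stdint.h>

#define HZ 100
#define IGMP_TIMER_SCALE 10
#define IGMP_QUERY_RESPONSE_INTERVAL (10 * HZ)   /* v1 query default */

/* IGMPv3 Max Resp Code decoding (RFC 3376 section 4.1.1): values below 128
 * are literal tenths of a second, above that a 3-bit exponent / 4-bit mantissa. */
static unsigned igmpv3_mrc(uint8_t code)
{
    if (code < 0x80)
        return code;
    return ((code & 0x0f) | 0x10) << (((code >> 4) & 0x07) + 3);
}

/* Simplified model of how a received query turns into max_delay (jiffies).
 * An 8-byte query is v1 (code 0) or v2; a longer one is v3. */
static int query_max_delay(size_t len, uint8_t code)
{
    if (len == 8)
        return code == 0 ? IGMP_QUERY_RESPONSE_INTERVAL    /* v1 */
                         : code * (HZ / IGMP_TIMER_SCALE);  /* v2 */
    return igmpv3_mrc(code) * (HZ / IGMP_TIMER_SCALE);      /* v3 */
}

/* Unchecked variant: returns -1 where the kernel's modulo would trap,
 * so the model stays safe to run in userspace. */
static int start_timer_unchecked(unsigned rnd, int max_delay)
{
    if (max_delay == 0)
        return -1;          /* "net_random() % max_delay" faults here */
    return (int)(rnd % max_delay);
}

/* Guarded variant: clamp the divisor to at least 1 before the modulo. */
static int start_timer_guarded(unsigned rnd, int max_delay)
{
    if (max_delay <= 0)
        max_delay = 1;      /* can't mod with 0 */
    return (int)(rnd % max_delay);
}

int main(void)
{
    int d = query_max_delay(12, 0);  /* constructed v3 query, Max Resp Code 0 */
    printf("max_delay=%d unchecked=%d guarded=%d\n",
           d, start_timer_unchecked(12345u, d), start_timer_guarded(12345u, d));
    return 0;
}
```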




On 01/19/2012 08:49 PM, root wrote:
> Hi,
> 
> You already have a good reputation as a bug-finder.
> IMHO, releasing additional research in a hurry like this can only
> tarnish that reputation and feed the trolls.
> Providing a kernel stack trace ( http://imgur.com/klC4k ) or a more
> reliable PoC can't take more than an hour, and it will greatly enhance
> the quality of the report.
> 
> If you are worried several people have found a particular bug and
> publication is imminent, then maybe it was not such a great find to begin
> with :)
> 
> 
> 
> 
> 
> 
> On 01/19/2012 02:32 PM, HI-TECH . wrote:
>> Hi XD,
>>
>> On 19 January 2012 15:27, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>>> Oh and btw, that coding style, just aint you dude... you know,
>>> everyone has their own fingerprint, i find it really hard to think
>>> that, you just made these mistakes in cksum area, which was area which
>>> actually does the exploiting :P , so why release crap ? why not make
>>
>> I release it because it worked for me INSIDE TWO VM's, I had no clue about
>> the checksum error. I didnt cripple it. It worked in my tests because I
>> bet the vmware did adjust the checksums to be correct.
>> Why release that crap? Because I wanted to be the first to release an
>> exploit for it for fame and glory and it was coded in a hurry, I was
>> thinking it actually works (I am doing more tests now on real hardware so
>> I can be sure)
>>
>>> it half decent, and as i said, it was not even your coding style so im
>>> finding this really hard to believe it was yours, maybe was modified
>>> , from many many similars, but, i guess thats normal... you tend to
>>
>> It is modified code from other coders as stated in the header.
>>
>>> use perl, and bash alot, within your bash, is the .c, and that is your
>>> style... like zx2c has, like dan rosenberg and JO, all kept the same
>>> style, because it is habit for any coder.. you dont just change styles
>>> this fast, or did you get some realllly good ebooks coz, show me where
>>> you found so i can catch up to it :P)
>>
>> I didnt change my coding style, it was just done in a hurry so Dan or
>> Jon wouldnt beat me on that BWHAHAHA.
>>
>>> Love you long time pal, but, find this one abit shitty, and, i do like
>>> everything in past, your codes going back to you know when, but this
>>> is bs, and if you were gonna rls it, you shulda fucked with the
>>> numbers maybe, but, let it fkn run, it was made as poc for lan test
>>> right, so why cripple it, thats just silly... thats why i attack it,
>>> and, i dont really care a shit who coded it, but, i doubt it was
>>> anyone in that code.
>>
>> You can attack it its your opinion and thats totally fine. I didnt
>> cripple the code actually.
>>
>>> have a good day and, no offence over this but, it just shits me when
>>> people, who know better, go out of their way and release publically,
>>> shit which is fucked up and, in this case, would waste a person's time,
>>> and, you even put tested on, and, now, how would it be tested with
>>> that cksum, please explain that then, you're saying you dont have time
>>> but stop bullshit man, you crippled it, just fkn admit it, it could
>>> NOT work setup, without the damn cksum, as it was part of sento! how
>>> could this, be any use, even with the settings back to old, without my
>>> edit.... you show me one fucking real test, i mean, compile the code,
>>> infront of people, then go make your fYT vids, seriously, I have told
>>> Jon Oberheldie this, and others, str8 up, if you release crippled
>>> shit, you're as shit as what you cripple mate.
>>
>> You forget about all the codes I rlsed before. As I said this was done
>> in a hurry. You had a look at roaring beast ? How can you tell me I send
>> crippled codes out? Buddy I'm human too and do mistakes.
>>
>>> thats just my point of view and really, this is d0s, which, i dont care
>>> for..im saying, you dont see AB release some fucked up exploit every
>>
>> AB? whos that ?
>>
>>> 2months, and makeSURE it dont work , you dont see anyone release shit
>>> like this anymore with such blatant errors, its just shitty, luckily i
>>> nano'd it, yea, i like nano ok, or i would have wasted time
>>
>> wtf ? come on.. nano.. this is getting silly
>>
>>> kcope...its just that simple, and no offences atall, i was able to
>>> spot this, but, do not sit there, telling me and everyone else, that
>>> it was working, tested... coz, we both know that was NOT the same code
>>> released, you cannot deny the code.... simple.
>>> you screwed this one up. go back to exploiting :P its better and you're
>>> better at it! :P
>>
>> As I said I tested it with two VMS in a testbed and both Ubuntu and
>> OpenSUSE crashed instantly.
>>
>>> I like your shit, but, i realllllly prefer, when kxcope, is thinking
>>> of b0f and new methods etc, like i know the one from 2009 did, and
>>> found the biggest remote hole ever,and you even released this , and
>>> people can hate you and whatever but there is no denying it, you're damn
>>> skilled, so im just saying, i dont like crippled work, nowadays, and
>>> when it is released with a mark of approval, from someone i trust.
>>
>> Its 2011 and I found a bug in FreeBSD ftpd. Which is better than ProFTPD coz
>> it rocks, have you ever seen a bug in FreeBSD ftpd since ~10 years ?
>>
>>> this is private, and, stays here but, this is why i attacked you dude,
>>> and, nothing bad about it, it stays here, and, thats it... i wont say
>>> shit, i have said what i wanted, your a nice guy, i like you, so,
>>> thats all, i just dont want to see you ending up like them other fags,
>>> they have 0 respect UG... you do atleast have that... fuck fd lists
>>> respect... but still, you just had to leave out that line 'tested' ;)
>>
>> I like the public scene more than the dark one.
>>
>>> ok, sorry for any confusion etc but, thats all i think and, i want you
>>> to know exactly what i think, and know i am not being mean atall...
>>> and apologise for even putting that retort onto fd..i should have just
>> OMG how the ***** you have time to write me so long lines ?
>>
>>> pmd you, but i loose sight of your nickname sometimes...anyhow... i
>>> hope you're not offended but, i did not try to offend you atall, i just
>>> found it really weird that you released that and, it was shitty
>>> lol... lan d0s :P i mean, we could have lan PARTY now, we could all
>>> get drunk and crunk but, not lan-d0s :P
>>
>> HEHE, I want to see the CCC Hackerspace got hit by that.
>>
>>> hehe, tcare man, i fucking find you one of my inspirations and why i
>>> get up everyday, is to greet the people, who have some respect in
>>> them, i will makesure also the post goes only for regged members or
>>> sumthin also, just to make it abit harder i guess for ppl to look
>>> at...fkit.. i should not have even bothered saying shit but, i love
>>> packets :P
>>
>> I have respect of you too. But next time please dont rls my FreeBSD locals
>> on pastebin.
>>
>>> i just do, and, i added the other codes, so anyone could modify the
>>> other codes, or port it to windows... and, nothing more... it is only
>>> a frag adding app, and shows basic socket use... nothing more... so,
>>> it was basically, an add-on, to your tool, it would be nice to do a test
>>> with fragging.. anyhow, i might do that myself...see how far this bug
>>> can be pushed... take care man, i hope your cool , take it easy and
>>> speak to you soon
>>> drew
>>
>> Ok good, so your code works actually? Over the internet ............
>> This is an exercise for the interested reader.
>>
>> Regards,
>>
>> Kingcope
>>
>>>
>>> On 20 January 2012 00:28, HI-TECH .
>>> <isowarez.isowarez.isowarez@xxxxxxxxxxxxxx> wrote:
>>>> Hello xD,
>>>> sorry I don't understand a word you are talking about.
>>>> To put everything together about what you were ranting would take too
>>>> much time for me.
>>>> Did I offend you in any way ?
>>>> It's just a PoC for people to test their systems nothing else...
>>>> I cannot check each every system if it works, I just checked two boxes
>>>> and thats enough for me.
>>>>
>>>> Regards,
>>>>
>>>> Kc
>>>>
>>>> On 19 January 2012 04:56, xD 0x41 <secn3t@xxxxxxxxx> wrote:
>>>>> Now, heres the one which works, without in_chksum bug ;)
>>>>>
>>>>> http://pastebin.com/x1ShKAUT
>>>>>
>>>>> now, sorry but,  had to try it remotely, sheesh, and, you dont
>>>>> cripple, code of old bugs and, half of this code is from an old bug
>>>>> anyhow, so why the heck not leave it... i guess now you're starting to
>>>>> look like Jon Oberheldie the king of fucked up cripples... lol...
>>>>> enjoy folks. this version, may even work! omg isnt this amazing!!
>>>>> XD says to FD a BIG FUCKS YOU ,well cept kcope and few other decent
>>>>> guys like me :P ,and nme, and tropic and well, #Haxnet :)
>>>>> now go fucking shoot yourselves away with your newbie working
>>>>> undeadattack.. dont know why someone did not inform me they would
>>>>> cripple it, and maybe forward a copy to me but, now this file, goes
>>>>> where the rest go, to the shame files...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 18 January 2012 08:11, HI-TECH .
>>>>> <isowarez.isowarez.isowarez@xxxxxxxxxxxxxx> wrote:
>>>>>> Demonstration of the Exploit:
>>>>>> http://www.youtube.com/watch?v=78nAxh70yZE (thanks ClsHack)
>>>>>>
>>>>>> see attached content
>>>>>>
>>>>>> /Kingcope
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
> 
> 
