Anyone know of a public POC for MS08-067? My employer is interested in specific details I can only get by A) screwing around in IDA Pro looking for the function call that b0rks this; or B) reading through a proof-of-concept, familiarizing myself with the SMB protocol in context, and figuring out exactly what's going on here.
The best I've found is an explanation on MSDN (which I'm not allowed to post yet, since I need to make 15 or more posts...), but it only helps with (A)
(Note that, among other things, it's always possible to grab the patch itself, compare its contents to the currently installed DLLs, and look at the changes specifically... not the easiest thing in the world but doable, just very time consuming for us rank amateurs in the exploit dev arena, and assumes you can make sense of what you read)
pay immunity for it
SecurityFocus and Milw0rm have the same proof of concept for it; if you wait long enough, you might be lucky and someone will release a Metasploit module for it. Though I'm looking into it at the moment, just to see if it's possible for my low intelligence to exploit it. I don't know exactly right now how the flow and control is in the exploit/vulnerability, so I guess you could try starting to debug the service and try it out yourself?
"I realized that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe
http://boards.cexx.org/index.php?act...;topic=17890.0 provides lots of info sources. I'm hunting a POC.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Good info here:
http://twitter.com/securitytwits
MS08-067 details and Gimmiv.A in the wild
http://blog.threatexpert.com/2008/10...erability.html
MS08-067 and the SDLC:
http://blogs.msdn.com/sdl/archive/20.../ms08-067.aspx
http://www.microsoft.com/technet/sec.../MS08-067.mspx
Wesley McGrew has a lot of good links as well
http://www.mcgrewsecurity.com/2008/10/24/ms08-067/
http://www.phreedom.org/blog/2008/decompiling-ms08-067/
EDIT: mubix was faster :-)
Don't eat yellow snow :rolleyes:
Funny!
Yet, scary at the same time. This bug is pretty interesting, because it is in the same area of code as the MS06-040 buffer overflow, but it was completely missed by all security researchers and Microsoft. It's quite embarrassing.