-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
____/ Tony Manco on Wednesday 09 Sep 2009 14:13 : \____
> Erik Funkenbusch wrote:
>
>> On Tue, 08 Sep 2009 11:49:31 +0100, Roy Schestowitz wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
>>>
>>> ,----[ Quote ]
>>>| V. BUSINESS IMPACT
>>>|
>>>| An attacker can remotly crash without no user interaction, any
>>>| Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT
>>>| affected as they dont have this driver.
>>>|
>>>| VI. SYSTEMS AFFECTED
>>>|
>>>| Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly Win
>>>| Server 2008 as it use the same SMB2.0 driver (not tested).
>>> `----
>>>
>>> http://seclists.org/fulldisclosure/2009/Sep/0039.html
>>
>> Yeah, cause it's not like we haven't seen kernel panics in free os's in
>> their remote network code.
>>
>> http://www.edgeos.com/threats/details.cgi?id=20989
>
> Right...
>
> Published: Feb 27 2006 12:00AM
> Updated: Mar 04 2006 04:16AM
>
> You look a little outdated... lets get a little recent...
>
> The security risk mentioned by the OP has not been fixed yet, you might as
> well pray for them to release a fix ASAP like next Tuesday or else your
> whole "gang" might suffer from the WinNuke effect...
The official Microsoft response is "blame others" (the "they too" defence).
- --
~~ Best of wishes
"Der Pampers-Content ergÃnzt den AOL Women-Channel um
spannende und nÃtzliche Inhalte." -- aol.de pressemitteilung
http://Schestowitz.com | Mandriva Linux | PGP-Key: 0x74572E8E
run-level 2 Sep 9 21:22
http://iuron.com - help build a non-profit search engine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqoMKcACgkQU4xAY3RXLo6bBgCgqJ4ns4tNhLmxMbKt0k9j6hIl
hZYAoJwOMZkGCHYhRRbeT5LA/Sf1Z0BB
=skE2
-----END PGP SIGNATURE-----
|
|
