Re: Is Windows TCP/IP source routing PoC code available?
Dear Denis Jedig,
Simple PoC and original message from Andrey Minaev, dated February, 2006
in Russian with short translation to English) are available from
http://www.security.nnov.ru/Fnews753.html
This is his original post regarding this issue as it was in his first
report to MS and it may not contain complete information because I am
not aware about results of further researches with Microsoft.
I don't know why Andrey have not published complete information yet. I
had no contacts with him after MS opened case on this issue and he asked
to hold information.
--Sunday, June 25, 2006, 10:03:24 PM, you wrote to vuln-dev@xxxxxxxxxxxxxxxxx:
DJ> Greetings to the list,
DJ> As known, Microsoft did announce a security vulnerability concerning an
DJ> overflow within the TCP/IP stack implementation when source routing
DJ> fields are used:
DJ> http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx
DJ> Is anyone aware of an exploit or POC code for this vulnerability? The
DJ> security bulletin states that Windows XP SP2 and Windows Server 2003 SP1
DJ> are "secure by default" due to disabled source routing. However, it does
DJ> not provide sufficient information regarding other operating systems
DJ> affected, so I would like to check out by myself.
DJ> Regards,
DJ> Denis Jedig
DJ> syneticon networks GbR
--
~/ZARAZA
...áåç äóáèíêè íèêîãäà íå ïðèíèìàëñÿ îí çà ïðîãðàììèðîâàíèå. (Ëåì)