Proof of Concept for MS05-019 available

There is now proof-of-concept code available for MS05-019 (Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)).

http://www.frsirt.com/exploits/20050417.ecl-winipdos.c.php

This one was actually interesting: an off-by-one.

"When processing an IP packet with an option size (2nd byte after the option) of 39, it will crash - since the maximum available size is 40 for the whole IP options field, and two are already used:
[ OPT ] [ SIZE ] [ 38 more bytes ]
Checks are done to validate that the option-size field is less than 40, where a value less than !39! should be checked for validation.

Note that this doesn't affect ALL options, and is also dependent upon the underlying protocol."
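
An added example (not from the original post or the linked PoC) of the bug class the quote describes: an IPv4 option walker that compares the length octet only against a constant accepts an option that runs past the options field, while one that compares it against the bytes remaining rejects it. It assumes RFC 791 semantics, where the length octet counts the type and length bytes, and does not model how the Windows stack accounted for them; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPOPT_EOL   0   /* end of option list (single octet) */
#define IPOPT_NOP   1   /* no-operation (single octet) */
#define IP_MAX_OPTS 40  /* 60-byte maximum header minus 20 fixed bytes */

enum bound_mode { BOUND_CONSTANT, BOUND_REMAINING };

/* Constructed sample options fields: two NOPs, then a type-7 option. */
static const uint8_t opts_overlong[IP_MAX_OPTS] = { 1, 1, 7, 39 };
static const uint8_t opts_exact[IP_MAX_OPTS]    = { 1, 1, 7, 38 };

/* Walk an options field. Returns -1 if an option is rejected, otherwise
 * the offset reached. A result greater than optlen means an accepted
 * option claims bytes beyond the end of the field. */
int walk_ipv4_options(const uint8_t *opts, size_t optlen, enum bound_mode mode)
{
    size_t off = 0;

    if (optlen > IP_MAX_OPTS)
        return -1;
    while (off < optlen && opts[off] != IPOPT_EOL) {
        if (opts[off] == IPOPT_NOP) {
            off++;
            continue;
        }
        if (optlen - off < 2)               /* no room for a length octet */
            return -1;
        uint8_t len = opts[off + 1];
        if (len < 2)                        /* must cover type + length */
            return -1;
        if (mode == BOUND_CONSTANT && len >= IP_MAX_OPTS)
            return -1;                      /* constant-only comparison */
        if (mode == BOUND_REMAINING && len > optlen - off)
            return -1;                      /* must fit in what is left */
        off += len;
    }
    return (int)off;
}

int main(void)
{
    printf("constant:  %d\n", walk_ipv4_options(opts_overlong, 40, BOUND_CONSTANT));
    printf("remaining: %d\n", walk_ipv4_options(opts_overlong, 40, BOUND_REMAINING));
    printf("exact fit: %d\n", walk_ipv4_options(opts_exact, 40, BOUND_REMAINING));
    return 0;
}
```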

There is now PoC code for MS05-016, MS05-017, MS05-019, and MS05-020. The time for patching is now.

About this Entry

This page contains a single entry by Roger published on April 17, 2005 3:38 PM.