Hosting Provided By

Re: Windows XP SP1 gethostbyaddr() flow (Re[3]: mirc32 6.0x crash when resolving dns.)

From: Street <streetseeker(at)mail.ru>
Date: Sat May 31 2003 - 13:31:01 EDT

Hello 3APA3A,

Saturday, May 31, 2003, 2:18:40 PM, you wrote:

3> Dear vulndev,

3> It's definitely bug in Windows XP SP1, as it was supposed by Roland 3> Postle <mail@blazde.co.uk> To reproduce it:

3> 1. Created zone 1.168.192.in-addr.arpa and add record:

3> 254 IN CNAME non.existant.name

3> 2. Use test program attached

Do you need help?

3> 3. I did tests on Windows NT 4.0, Windows 2000 and Windows XP SP1. 3> Results:

3> Windows NT 4.0:

c:\>>test.exe 192.168.1.254
3> gethostbyaddr failed

3> Windows 2000:

C:\>>test.exe 192.168.1.254
3> gethostbyaddr failed

3> Windows XP SP1:

C:\>>test.exe 192.168.1.254
3> h_name: (null)

3> So,  this problem is not specific to mIRC and it's possible to crash any
3> application    on    Windows    XP    Sp1   where   gethostbyaddr()   or
3> WSAAsyncGetHostByAddr()   is  used  for  reverse  name  resolution  (IRC
3> clients, Peer-to-Peer clients, personal firewalls, etc).

3> Can somebody test Windows 2003?

Do you need more help?

This bug is confirmed to work in Windows 2003 Server, it is vulnerable. Tested on evaluation (180 day) version.

-- 
Best regards,
 Street                            mailto:streetseeker@mail.ru

Received on Tue Jun 3 13:38:57 2003

This message: [ Message body ]
Next message: deepcode: "win32 shellcoding"
Previous message: Dave McKinney: "Announcement: SecurityFocus Pen-Test and Firewalls Focus Areas"
In reply to: 3APA3A: "Windows XP SP1 gethostbyaddr() flow (Re[3]: mirc32 6.0x crash when resolving dns.)"
Next in thread: Bram Matthys (Syzop): "Re: mirc32 6.0x crash when resolving dns."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT