Need help w/ Dell Windows security issue

From: Curt Wilson (netw3_securityat_private)
Date: Wed Jan 15 2003 - 14:01:10 PST

    I've found a DoS vulnerability in a Dell OpenManage application on a Win2K 
    advanced server, and I am trying to discover if more can be done with the 
    issue. I have little experience in working with vulnerabilities at the 
    assembly and stack level.
    
    Basically, a simple telnet to the open TCP port causes a particular 
    service to die.  
    
    "an operation was attempted on something that is not a socket"
    "the exception generated was c0000005 at address 00403234 {<nosymbols>}"
    
    Dr. Watson - exception number: c0000005 (access violation)
    
    FAULT -> 00403224 8b07    mov   eax,[edi]         ds:00000000=????????
    
    (stack dump, etc. snipped for public posting)
    
    I attempted to send many 0x41 chars, and then checked the various 
    registers in the state dump (Dr. Watson log file) but it does not appear 
    that my data is getting through. Something about the connection itself 
    breaks the service, whether it's a raw connection or a connection through 
    telnet. I'm trying to isolate what the application actually expects and 
    hope to have more information soon.
    
    For all I know, nothing else can be done. However, given that my skills in 
    this particular area are in their early formative stage, maybe someone 
    else can provide some insight.
    
    If anyone is kind enough to help analyze this issue further, please drop 
    me a line. If anyone else is running Dell servers with any of the 
    OpenManage applications for Windows, please let me know.
    
    Please direct any flames to /dev/null
    
    Curt Wilson
    Netw3 security
    www.netw3.com
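
Added example, not part of the original post: a small Python triage of the Dr. Watson FAULT line quoted in the message, reporting the access type, whether the faulting pointer falls in the null region, and whether it carries the 0x41 test filler. It assumes the drwtsn32 line layout shown in the post and that the first 64 KB of a Win32 user address space is unmapped; the function, constant and field names are hypothetical.

```python
import re

# Layout of the drwtsn32 FAULT line as it appears in the post (assumed stable).
FAULT_RE = re.compile(
    r"FAULT\s*->\s*(?P<eip>[0-9a-f]{8})\s+(?P<opcode>[0-9a-f]+)\s+"
    r"(?P<mnem>\w+)\s+(?P<ops>\S+)\s+"
    r"(?P<seg>[a-z]{2}):(?P<ea>[0-9a-f]{8})=(?P<val>\S+)",
    re.IGNORECASE,
)
NULL_REGION_END = 0x10000          # assumption: first 64 KB is never mapped
READ_ONLY_MNEMONICS = {"cmp", "test", "push"}

# The line quoted in the post.
POSTED_FAULT = "FAULT -> 00403224 8b07    mov   eax,[edi]         ds:00000000=????????"


def triage_fault(line, filler=0x41):
    """Classify one FAULT line (hypothetical helper, heuristic only)."""
    m = FAULT_RE.search(line)
    if m is None:
        raise ValueError("not a Dr. Watson FAULT line")
    ops = m["ops"].split(",")
    mem_pos = next((i for i, op in enumerate(ops) if "[" in op), None)
    if mem_pos is None:
        access = "unknown"
    elif mem_pos > 0 or m["mnem"].lower() in READ_ONLY_MNEMONICS:
        access = "read"            # memory operand is a source
    else:
        access = "write"           # memory operand is the destination
    ea = int(m["ea"], 16)
    return {
        "eip": int(m["eip"], 16),
        "access": access,
        "address": ea,
        "null_deref": ea < NULL_REGION_END,
        # "????????" means the debugger could not read the target memory
        "unreadable": set(m["val"]) == {"?"},
        # True only if the faulting pointer is made of the test filler byte
        "filler_in_pointer": ea.to_bytes(4, "big") == bytes([filler]) * 4,
    }


if __name__ == "__main__":
    for key, value in triage_fault(POSTED_FAULT).items():
        print(f"{key:18} {value}")
```

For the posted line this reports a read through a null pointer with no filler bytes in the faulting address.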
    



    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 16:59:15 PST