Description:
Laurent Gaffie was recently in the news for discovering the SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. vulnerability, which affects Windows Vista, Server 2008 < R2 and 7 RC.
The attack is triggered by sending malformed SMB headers in the NEGOTIATE PROTOCOL REQUEST. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it is used to identify the SMB dialect that will be used for further communication. The exploit code and more details can be found on Laurent's blog. Looks like the guys at Microsoft forgot to use a fuzzer to test their SMB protocol implementation :) or maybe they haven't heard of fuzzers yet ;)
Thanks to Matt Downer (mattdowner [] gmail) for creating and posting a wonderful demo of this bug to SecurityTube!
Tags: fun
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.