was recently in the news for discovering SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. vulnerability which affects Windows Vista, Server 2008 < R2 and 7 RC.
The attack is triggered by sending malformed SMB headers in the NEGOTIATE PROTOCOL REQUEST. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it is used to identify the SMB dialect that will be used for further communication. The exploit code and more details can be found on Laurent's blog. Looks like the guys at Microsoft forgot to use a fuzzer to test their SMB protocol implementation :) or maybe they haven't heard of fuzzers yet ;) Thanks to Matt Downer (mattdowner  gmail) for creating and posting a wonderful demo of this bug to SecurityTube!
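As an added illustration (not code from the original post or from Laurent's blog), here is a strict parser for the request described above: it confirms that every length field agrees with the bytes actually received before it reads the dialect list, which is the kind of header validation a server-side implementation or a network sensor needs. The function names and the sample frame are constructed for this example, and the layout assumed is the standard 32-byte SMB header followed by word count, byte count and dialect entries.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32  # fixed-size SMB header that precedes the parameters


class MalformedNegotiate(ValueError):
    """A frame failed a structural check and must not be processed."""


def parse_negotiate(frame: bytes) -> list[str]:
    """Return the dialect strings offered in a NEGOTIATE PROTOCOL REQUEST."""
    if len(frame) < 4:
        raise MalformedNegotiate("short transport header")
    msg_type, len_hi, len_lo = struct.unpack(">BBH", frame[:4])
    smb = frame[4:]
    if msg_type != 0 or (len_hi << 16 | len_lo) != len(smb):
        raise MalformedNegotiate("transport length does not match payload")
    if len(smb) < HEADER_LEN + 3:
        raise MalformedNegotiate("truncated SMB header")
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        raise MalformedNegotiate("not an SMB NEGOTIATE request")
    word_count = smb[HEADER_LEN]
    (byte_count,) = struct.unpack_from("<H", smb, HEADER_LEN + 1)
    body = smb[HEADER_LEN + 3:]
    if word_count != 0 or byte_count != len(body) or not body:
        raise MalformedNegotiate("bad word/byte count or empty dialect list")
    dialects, pos = [], 0
    while pos < len(body):  # each entry: 0x02, ASCII name, NUL terminator
        end = body.find(b"\x00", pos + 1)
        name = body[pos + 1:end]
        if body[pos] != 0x02 or end == -1 or not name or not name.isascii():
            raise MalformedNegotiate("bad dialect entry")
        dialects.append(name.decode("ascii"))
        pos = end + 1
    return dialects


def build_sample(dialects: list[str]) -> bytes:
    """Constructed, well-formed request used only as sample input."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(27)  # 32-byte header
    smb += b"\x00" + struct.pack("<H", len(body)) + body
    return struct.pack(">I", len(smb)) + smb


if __name__ == "__main__":
    print(parse_negotiate(build_sample(["NT LM 0.12", "SMB 2.002"])))
```

Any frame whose declared lengths disagree with its actual size raises `MalformedNegotiate` instead of being read past its end.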
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.