Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed.
From: Reversemode (advisories reversemode.com)
Date: Thu Jun 15 2006 - 13:43:06 CDT
Hi,
Just to confirm that Microsoft has not fixed the NtClose/ZwClose
DeadLock vulnerability. The bulletin MS06-030 addressed this flaw as
"SMB Invalid Handle Value", which is just a euphemism from my point of
view.
The code added to mrxsmb.sys is just a wrapper in order to avoid the
"Invalid Handle".
I am sure that Microsoft has its own reasons to do this, which I do not
care about. I'm not interested in discussing it. However, I think that the
Driver Developer community should be informed that using
NtClose/ZwClose, the driver will be exposed to a security issue by
default. If this issue is considered as a feature, please, document it.
A developer is not strictly required to know this behaviour.
------
case IOCTL_CLOSEHANDLE_DEADLOCK:
    /* Handle value is taken straight from the caller's buffer and closed with no validation. */
    inBuf = Irp->AssociatedIrp.SystemBuffer;
    ZwClose((HANDLE)inBuf[0]);
------
References: -Reversing mrxsmb.sys , Chapter II "NtClose DeadLock"-
http://www.reversemode.com/index.php?option=com_content&task=view&id=14&Itemid=1
Rubén Santamarta,
www.reversemode.com