Subject: Re: con\con is a old thing (anyway is cool)
From: LEVIATHAN (leviathanUSWEST.NET)
Date: Mon Mar 06 2000 - 14:07:02 CST


Ussr Labs wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ----------------------------------------------------------------------
> - ----
> New exploit found by the securax crew on 3/3/error
>
> for: windoze 98 maybe 95 too...
> not for NT4 or win2K

Preliminary research done at our temple o' computers here states this much:

Any mix, as long as it refers to con\con or nul\nul anywhere in the path,
will crash my box.

(boxes, perhaps. Both with Win95 SR2, one with a broken install of ie5 and
one with stock ie3)

ALL programs that can open files are affected.

Doing "c:/con/con" in the command prompt (with or without windows booted)
will echo nothing back... ???

It breaks everything related to VFAT. VMM and VFAT crashed when I opened it
in netscape. Otherwise, just VFAT.

All the errors are hard to track down at where it breaks windows.

I got a variety of errors when it happened, such as:

0d 0246:014f47fb
0d 09e5:014f268b
0d 0967:014f268b
0d 1677:104f756d

and lots of others.

Any attempt (at first) to break out (three-finger salute) causes an 0e
016f:bff9a25b ?

And, can this possibly be exploited to run programs?

More to come (from me) maybe.

--"LEVIATHAN"
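
A path filter for the trigger condition reported in the message above, as an added example that is not part of the original post: it flags any path that has a reserved DOS device name as a component. It goes beyond the post, which names only con and nul, by covering the rest of the standard reserved set; the function names and sample paths are constructed for illustration.

```python
import re

# Reserved DOS device names. The post names only CON and NUL; the remaining
# names are added here as an assumption about what a filter should cover.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}


def device_components(path):
    """Return the reserved device names found in any component of `path`."""
    hits = []
    # Split on both separators: the post reports c:/con/con as a trigger too.
    for part in re.split(r"[\\/]+", path):
        # Drop a drive prefix such as "c:" attached to the component.
        if len(part) >= 2 and part[0].isalpha() and part[1] == ":":
            part = part[2:]
        # DOS name matching ignores case, anything after the first dot and
        # trailing spaces, so "NUL.txt" and "con " still name the device.
        stem = part.split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            hits.append(stem)
    return hits


def is_safe_path(path):
    """True when no component of `path` is a reserved device name."""
    return not device_components(path)


if __name__ == "__main__":
    # Constructed sample paths, not taken from the post except c:/con/con.
    for sample in ("c:/con/con", r"C:\temp\nul\nul", r"docs\NUL.txt",
                   r"C:\console\report.txt"):
        print(f"{sample!r:28} safe={is_safe_path(sample)} "
              f"devices={device_components(sample)}")
```

A file server, mail filter or upload handler that feeds Win9x clients can call `is_safe_path` on every requested or embedded path and reject the request when it returns False.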
