
List:       spike
Subject:    Re: [Spike] SPIKE Console :(
From:       dave () immunitysec ! com
Date:       2003-06-06 11:50:21

Well, I'm not anti a console - I like having something that you could
input text into and easily manipulate into a .spk - but I think wxPython
was the wrong way to go with that, now that I've used pyGTK, which is
a much better windowing toolkit.

So the DoS RPC bug as described here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-010.asp

Application of this security patch has been reported to, in some specific
configurations, cause local COM calls to stop responding. This problem
occurs only when several local RPC calls are made quickly from multiple
threads, and each thread has a unique set of security credentials.

Ok. So what you're telling me is that even though my connection comes over
from the network and has an anonymous token associated with it, COM
mistakenly thinks it has a SYSTEM or Administrator token as well. Does
anyone else see ANOTHER problem with this, unrelated to a DoS? :>

Also:
During the development of Windows 2000, significant enhancements were made
to the underlying architecture of RPC. In some areas these changes
involved making fundamental changes to the way the RPC server software was
built. The Windows NT 4.0 architecture is much less robust than the more
recent Windows 2000 architecture. Due to these fundamental differences
between Windows NT 4.0 and Windows 2000 and its successors, it is
infeasible to rebuild the software for Windows NT 4.0 to eliminate the
vulnerability. To do so would require rearchitecting a very significant
amount of the Windows NT 4.0 operating system, and not just the RPC
component affected. The product of such a rearchitecture effort would be
sufficiently incompatible with Windows NT 4.0 that there would be no
assurance that applications designed to run on Windows NT 4.0 would
continue to operate on the patched system.


That's really interesting. I wonder what the change was that allowed 2000
to deal with impersonated tokens properly?

-dave



> pity about SPIKE console getting the rm. i recently discovered the python
> extension module 'dl'  which is basically python's take on dl* functions
> and i immediately thought...SPIKE! how a nice pretty .spk creator with
> some buttons for debugging spk scripts and running them quickly would have
> been really, really neat.
> *sigh*
> - trpz

_______________________________________________
Spike mailing list
Spike@lists.immunitysec.com
http://www.immunitysec.com/mailman/listinfo/spike
