RE: bug w2k
From: Jon Westmuckett (jonathan.westmuckett@digimask.com)Date: 07/30/01
- Previous message: Josué: "Re: SERIOUS BUG IN PHPNUKE"
- Maybe in reply to: Mark Saum: "RE: bug w2k"
- Next in thread: ANdrei: "Re: bug w2k"
- Reply: ANdrei: "Re: bug w2k"
- Reply: cdowns: "Re: bug w2k"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <5.0.2.1.0.20010730165743.00ae9bb0@pop3.digimask.com> Date: Mon, 30 Jul 2001 17:23:08 +0100 To: Mark Saum <msaum@fidelisconsulting.com>, VULN-DEV@securityfocus.com From: Jon Westmuckett <jonathan.westmuckett@digimask.com> Subject: RE: bug w2k
I have also verified this - win2k english sp2 - with 2-3 F7s.
However, it seems to work with command line programs other than ping - i've
caused my machine to reboot by substituting telnet and even "dir /s" for
ping. Additionally, it seems that the crash occurs after the command
finishes executing. I saw a BSOD flicker past but i couldn't make out any
details past "STOP: c000021a Fatal System Error".
Regards,
Jon
At 16:37 28/07/2001 -0500, Mark Saum wrote:
>I've verified this to work on Win2K Pro SP2. It took 3 F7s and my system
>hard-booted as if I had hit the reset button.
>
>On a Win2K Server SP2 on a terminal session (administrator mode) it doesn't
>crash the box. However:
> - You can create a "cmd.exe" session that is unkillable
> - You can't log off that session
> - You can't kill that session or "cmd.exe" process from the console
>(taskmgr.exe)
> - You can't log the user off from Terminal Services Manager
> - You can't create another instance of "cmd.exe" in that terminal session
> - A reboot is required to kill the session.
>
>Regards,
>
>Mark Saum
>
>Fidelis Consulting Corporation
>Dallas, TX
>
>-----Original Message-----
>From: SIFFREDI DANIEL [mailto:DSIFFREDI@nacion-afjp.com.ar]
>Sent: Friday, July 27, 2001 2:45 PM
>To: 'bugtraq@securityfocus.com'
>Subject: bug w2k
>
>
>Hello, this is a new bug found in W2K in all flavors, works with all levels
>of users.
>
>Here is the proof of concept:
>
>Open a Cmd Window
>Ping to any host (for example ping 10.100.2.1 preferred a host in your LAN),
>no switch needed. Just ping
>Now press F7 and Enter (try a couple of times quickly...less than ten , and
>you can see what a meaning)
>The machine reboots, from nothing a warm reboot.
>Please let me know if you have the same bug. I tried this in W2k sp2 English
>and Spanish.
>
>
>Daniel Siffredi
>Administrador de Red de Microinformatica.
>Nacion AFJP SA
- Previous message: Josué: "Re: SERIOUS BUG IN PHPNUKE"
- Maybe in reply to: Mark Saum: "RE: bug w2k"
- Next in thread: ANdrei: "Re: bug w2k"
- Reply: ANdrei: "Re: bug w2k"
- Reply: cdowns: "Re: bug w2k"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
