[21975] in bugtraq
RE: bug w2k
daemon@ATHENA.MIT.EDU (CJ Oakwood)
Sun Jul 29 00:47:35 2001
X-Apparently-From: <cj?oakwood@yahoo.com>
From: "CJ Oakwood" <cj_oakwood@yahoo.com>
To: "'Carl Livitt'" <carl@ititc.com>
Cc: <bugtraq@securityfocus.com>
Date: Sat, 28 Jul 2001 21:02:25 -0700
Message-ID: <001b01c117e3$536b98e0$0540a8c0@oakwood.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <01072811234300.00540@europa>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> STOP, Fatal Error blue screen that appeared briefly
That is your BSOD. This is a Kernel Mode Break. Please send me the
*.dmp file, and I will try and see what happened, and what driver was
affected.
(If the file is massive, please share it out on a website/ftp Server,
and I'll download it that way.)
Another way to catch this is to run NTSD on cmd.exe or attach a Kernel
Debugger to the system. If this is really a KD break, you will catch
it and be able to debug it in real time. (Same with ntsd if it is a
user break).
CJ
- -----Original Message-----
From: Carl Livitt [mailto:carl@ititc.com]
Sent: Saturday, July 28, 2001 03:25
To: bugtraq@securityfocus.com
Subject: Re: bug w2k
> Just ping
> Now press F7 and Enter (try a couple of times quickly...less than
> ten , and you can see what a meaning) The machine reboots, from
> nothing a warm reboot.
Confirmed on Win2K Pro SP2, English. The reboot would not happen when
there was no ping process. As soon as a ping was in progress, *boom*.
I did notice there was a STOP, Fatal Error blue screen that appeared
briefly, but I could not catch what it said before the machine
rebooted. Perhaps someone else will have more luck?
Does anyone know: is the F7 key (used in CMD.EXE to bring up a
most-recently-used command list) implemented in kernel or user space?
If it's in user space, then this is a doubly worrying bug as it hints
that it would be possible for a non-privileged user to write code that
could cause a BSOD and reboot. If it's in kernel space, well I just
hope that this situation is not caused by an unchecked buffer....
Carl Livitt
Code Monkey
IT in the Community
England
- --
Free Dmitry!
http://www.boycottadobe.com
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Go to http://4.60.71.222/public/ for public key
iQA/AwUBO2OK0a+nyPk9PHN7EQLPxgCg01zpdV3lEMnvjmQDLUwv6HdQEfwAniB+
Rl4ZXbpv23cnZjVgR8aPWxYA
=P8oa
-----END PGP SIGNATURE-----