[22895] in bugtraq
Re: Ssdpsrv.exe in WindowsME
daemon@ATHENA.MIT.EDU (Stefan Laudat)
Thu Oct 18 16:52:27 2001
Date: Thu, 18 Oct 2001 23:11:29 +0300
From: Stefan Laudat <stefan@FuckMicrosoft.com>
To: milo omega <mtwoar@hotmail.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20011018231129.A11828@worldbank.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F15tMIO5pt4gVvpQN1R00009e33@hotmail.com>
> Ssdpsrv.exe is the file that starts the UPnP server on WindowsME boxes.
> This service comes standard with the WindowsME installation.
<wondering mode on>
But it isn't neither loaded at startup nor installed with standard WinME
installation. Have a look :-/
C:\WINDOWS\Desktop>ver
Windows Millennium [Version 4.90.3000]
C:\WINDOWS\Desktop>ipconfig
Windows IP Configuration
0 Ethernet adapter :
IP Address. . . . . . . . . : 172.16.252.2
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 172.16.252.1
C:\WINDOWS\Desktop>dir c:\windows\system\ss*.*
Volume in drive C is MACIUCA
Volume Serial Number is 323E-0FF2
Directory of C:\WINDOWS\SYSTEM
File not found
2.560.61 MB free
[root@bunker /root]# nmap -sT 172.16.252.2
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on ninja (172.16.252.2):
(The 1533 ports scanned but not shown below are in state: closed)
Port State Service
139/tcp open netbios-ssn
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
[root@bunker /root]# telnet ninja 5000
Trying 172.16.252.2...
telnet: Unable to connect to remote host: Connection refused
Ahem... grabbed my IBM T22 notebook, erased an ext2 partition of it,
installed winme using only typical settings, yet no result.
</wondering mode on>
Now, please enlighten me a bit:
1. Are you sure about this ? How many platforms did you actually test
before reporting it to anyone?
2. Are there any special WinME installation settings that you checked
during the setup process ?
3. Did you actually notify Microsoft as normal people should behave?
> This causes the server crash and closes port 5000.
> Either you must restart the server by manually running ssdpsrv.exe
> or reboot.
Or either a guy who got his shots should report it to Microsoft
support so we can eventually get an update.
--
Stefan Laudat
CCNA & CCAI
-------------
When I kill, the only thing I feel is recoil.
