[6396] in bugtraq
NTCrash2
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Mar 26 00:53:06 1998
Date: Wed, 25 Mar 1998 23:34:23 -0600
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Date: Wed, 25 Mar 1998 16:11:17 +0000
From: Paul Ashton <paul@ARGO.DEMON.CO.UK>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: NTCrash2
From: http://www.ntinternals.com/ntdll.htm
by Mark Russinovich.
> A little over a year ago I wrote a program called NTCrash that barraged
> the Native API interface with garbage parameters. The program discovered
> 13 WIN32K system services that failed to perform comprehensive parameter
> validation, the result of which were Blue Screens. Microsoft closed these
> holes in Service Pack 1.
> About two months ago I revisited NTCrash and tweaked it to be more intelligent
> about generating garbage - the garbage this new version, NTCrash2, produces
> hits boundary conditions that can be easy to miss in validation. In fact,
> this revision found 40 more APIs with Blue Screen holes. Microsoft has been
> made aware of the holes and they will be closed in Service Pack 4.
40?! I wonder how many of these could be turned into exploits?
Paul
--
"Software is like sex; it's better when it's free - LT"
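As an added illustration of the "boundary conditions that can be easy to miss in validation" mentioned in the quoted text (this is not NTCrash2 and not code from the post): a naive user-buffer range check next to a hardened one, both run over constructed boundary values of the kind a fuzzer would supply. USER_LIMIT is a placeholder, not a real NT constant.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed placeholder for the highest user-mode address; not a real NT constant. */
#define USER_LIMIT ((uintptr_t)0x7FFEFFFF)

/* Naive check that boundary values defeat: base + len wraps for huge len,
 * and "<= USER_LIMIT" on the exclusive end rejects the last valid byte. */
bool validate_naive(uintptr_t base, size_t len)
{
    return base + len <= USER_LIMIT;
}

/* Hardened check: dispose of the degenerate cases, then compare distances
 * instead of summing so nothing can wrap. */
bool validate_hardened(uintptr_t base, size_t len)
{
    if (len == 0)
        return true;                        /* nothing will be touched */
    if (base > USER_LIMIT)
        return false;                       /* starts beyond user space */
    return len - 1 <= USER_LIMIT - base;    /* last byte stays in range */
}

/* Constructed boundary probes with the verdict a correct validator must give. */
struct probe { uintptr_t base; size_t len; bool expect; };
static const struct probe probes[] = {
    { 0x10000,     0x1000,   true  },  /* ordinary buffer */
    { 0x10000,     0,        true  },  /* zero length */
    { USER_LIMIT,  1,        true  },  /* exactly the last valid byte */
    { USER_LIMIT,  2,        false },  /* one byte too far */
    { 0x10000,     SIZE_MAX, false },  /* length makes base + len wrap */
    { UINTPTR_MAX, 1,        false },  /* base itself wraps */
};
/* Count the probes a validator answers incorrectly. */
int count_misses(bool (*validate)(uintptr_t, size_t))
{
    int misses = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (validate(probes[i].base, probes[i].len) != probes[i].expect)
            misses++;
    return misses;
}
int main(void)
{
    printf("naive misses: %d, hardened misses: %d\n",
           count_misses(validate_naive), count_misses(validate_hardened));
    return 0;
}
```

The naive validator fails three of the six probes (the last valid byte, a wrapping length, and a wrapping base), which is exactly the class of input a boundary-aware fuzzer generates; the hardened one passes all six.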