Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 
**List:       bugtraq
Subject:    ARP problem in Windows9X/NT
From:       Joel Jacobson <joel () mobila ! cx>
Date:       1999-04-12 11:59:54
\[Download RAW message or body\]**

Hello all bugtraqers!

I've found a problem in Windows9X/NT's way of handeling ARP packets.

If you flood a computer at your LAN with the packet below, it's user
will be forced to click a messagebox's OK button x times, where x is the number
of packets you flooded with.

I advice Microsoft to develope a patch for this problem, that let you
choose to ignore all future messages of this type.

There is no way to trace the flooder since the MAC address in the
packet can be modified to anything. Bad configurated routers will
not drop this packet. When I tested this problem on my LAN I could
flood a computer on another C-net at my LAN without problems.

The program NetXRay was used to preform the flood.
The victims had to reboot their computer, or choose to click \_very\_
many OK buttons.

The ARP packet is build up like this:

Ethernet Version II:
 Address: XX-XX-XX-XX-XX-XX --->FF-FF-FF-FF-FF-FF
 Ehternet II Protocol Type: ARP
Address Resolution Protocol:
 Hardware Type: 1 (Ethernet)
 Protocol Type: 800
 Hardware Address: Length: 6
 Protocol Address: Length: 4
 Operations: ARP Request
 Source Hardware Address: XX-XX-XX-XX-XX-XX
 IP Source Address: <victim computer's IP>
 Destination Hardware Address: XX-XX-XX-XX-XX-XX
 IP Destination Address: <victim computer's IP>

And in HEX the packet look like this:
ff ff ff ff ff ff 00 00 00 00 00 00 08 06 08 00 06 04 00 01 00 00 00
00 00 00 XX XX XX XX 00 00 00 00 00 00 XX XX XX XX
(XX is what matters here)

Hope a patch for this problem will be developed fast, cause this is a
big problem for my school and probably also to others.

I'm not a C programmer, and don't know how to write an exploit for
this problem. So, if anyone else can develope an exploit, feel free to do so.

Joel Jacobson.

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 

  

Configure | About | News | Add a list | Sponsored by KoreLogic

CVE-1999-0444: 'ARP problem in Windows9X/NT' - MARC

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

CVE-1999-0280: IBM X-Force Exchange

Categories: News
Tags: malware

Tags:  ZINC

Tags:  microsoft

Tags:  infection

Tags:  C&C

Tags:  open source

Tags:  job offer

Tags:  fake

Tags:  LinkedIn

A North Korean ZINC group is accused of creating compromised versions of KiTTY, PuTTY, TightVNC, and other popular open-source software apps



(Read more...)




The post Bogus job offers hide trojanised open-source software appeared first on Malwarebytes Labs.

Tag

#microsoft