Smb2 Negotiate Protocol Request Remote Bsod Demo

Description:





The attack is triggered by sending malformed SMB headers in the NEGOTIATE PROTOCOL REQUEST. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it's used to identify the SMB dialect that will be used for futher communication. The



Thanks to Matt Downer (mattdowner [] gmail) for creating and posting a wonderful demo of this bug to SecurityTube!





Laurent Gaffie was recently in the news for discovering SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. vulnerability which affects Windows Vista, Server 2008 < R2 and 7 RC.The attack is triggered by sending malformed SMB headers in the NEGOTIATE PROTOCOL REQUEST. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it's used to identify the SMB dialect that will be used for futher communication. The exploit code and more details can be found on Laurent's blog . Looks like the guys at Microsoft forgot to use a fuzzer to test their SMB protocol implementation :) or maybe they haven't heard of fuzzers yet ;)

Tags: fun ,





Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.