Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13212
HistoryJun 16, 2006 - 12:00 a.m.

Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed.

2006-06-1600:00:00
vulners.com
9
JSON

Hi,

Just to confirm that Microsoft has not fixed the NtClose/ZwClose
DeadLock vulnerability. The bulletin MS06-030 addressed this flaw as
"SMB Invalid Handle Value" which is just an euphemism under my point of
view.

The code added to mrxsmb.sys is just a wrapper in order to avoid the
"Invalid Handle".

I am sure that Microsoft has its own reasons to do this, I do not care
about. I'm not interested in discussing. However, I think that the
Driver Developer community should be informed that using
NtClose/ZwClose, the driver will be exposed to a security issue by
default. If this issue is considered as a feature, please, document it.
A developer is not extrictely required to know this behaviour.

case IOCTL_CLOSEHANDLE_DEADLOCK:

    inBuf = Irp->AssociatedIrp.SystemBuffer;
    ZwClose((HANDLE)inBuf[0]);

References: -Reversing mrxsmb.sys , Chapter II "NtClose DeadLock"-
http://www.reversemode.com/index.php?option=com_content&task=view&id=14&Itemid=1

Rubén Santamarta,
www.reversemode.com

JSON