pi3 blog

bug bugs bughunt exploit exploiting research vulnerabilities

• Home
• About

“He who fights with monsters should be careful lest he thereby become a monster. And if thou gaze long into an abyss, the abyss will also gaze into thee.”

~Friedrich Nietzsche

• Subscribe

  

• Categories

  • Bughunt (28)
  • Exploiting (36)
  • Ideas (28)
  • LKRG (10)
  • Meeting (6)
  • O wszystkim i o niczym (34)

• Recent Posts

  • RISC-V: Vice Chair of the J-extension Task Group
  • CVE-2023-34367
  • Bug bounties are broken – the story of “i915” bug, ChromeOS + Intel bounty programs, and beyond
  • My talks @ BlackHat 2021 and DefCon29
  • LKRG 0.9.0 has been released!

• Archives

  • November 2023
  • June 2023
  • May 2023
  • July 2021
  • April 2021
  • January 2021
  • December 2020
  • October 2020
  • September 2020
  • June 2020
  • May 2020
  • March 2020
  • October 2019
  • July 2019
  • May 2019
  • April 2019
  • February 2019
  • August 2018
  • July 2018
  • March 2018
  • February 2018
  • January 2018
  • April 2017
  • September 2016
  • July 2015
  • February 2015
  • March 2014
  • August 2013
  • July 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • October 2012
  • May 2012
  • April 2012
  • December 2011
  • September 2011
  • August 2011
  • July 2011
  • March 2011
  • November 2010
  • October 2010
  • July 2010
  • May 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009

• Friends

  • Bothunters – Borys Łącki
  • Gynvael Coldwind
  • Icewall
  • j00ru
  • Piotr Bania

• Pages

  • About

Blind TCP/IP hijacking is still alive! After 13 years, Windows 7/XP/2K/9x (and not only) full blind TCP/IP hijacking bug finally got an allocated CVE-2023-34367 (thanks to MITRE). Interestingly, The Pwnie Awards nomination for this research and the published write-up + PoC didn’t help to get it sooner 😉

More information about that bug I described in my blogpost on January 2021:
http://blog.pi3.com.pl/?p=850

More information about CVE is available on the MITRE website:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34367

Information on The Pwnie Awards nomination for this bug and research can be found here:
https://pwnies.com/windows-7-blind-tcp-ip-hijacking/

Port Swigger also covered that bug in their article here:
https://portswigger.net/daily-swig/blind-tcp-ip-hijacking-is-resurrected-for-windows-7

After 13 years we can finally use the CVE to identify this important (at least from my perspective) vulnerability!

Thanks,
Adam

Comments