|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Windows DCOM exploit (was Re: What you don't want to hear froma peer)
HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of all HD code, works consistantly. g On Fri, 25 Jul 2003 15:56:57 -0400 "Ingevaldson, Dan (ISS Atlanta)" <[email protected]> wrote: > George- > > Which exploit are you referring to? There are several floating around. > Many of them are misrepresented as MS03-026 exploits. There was another > vulnerability disclosed that only causes a DoS condition--no remote > compromise. > > Regards, > =============================== > Daniel Ingevaldson > Engineering Manager, X-Force R&D > [email protected] > 404-236-3160 > > Internet Security Systems, Inc. > The Power to Protect > http://www.iss.net > =============================== > > > -----Original Message----- > From: George Bakos [mailto:[email protected]] > Sent: Friday, July 25, 2003 3:47 PM > Cc: [email protected]; [email protected] > Subject: Windows DCOM exploit (was Re: What you don't want to hear from > a peer) > > > > On Fri, 25 Jul 2003 14:29:13 -0500 > John Kristoff <[email protected]> wrote: > > > Maybe it'll help start the weekend with a smile. > > Smile for now; it probably won't last. The Windows DCOM exploit that was > released today, works perfectly. BTW, how many residential networks > (worm > fodder) really need port 135/tcp open, anyway? > > And I thought I would have time to split some cordwood today. Rats. > George Bakos Institute for Security Technology Studies - IRIA Dartmouth College [email protected] 603.646.0665 -voice 603.646.0666 -fax |