lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: jenbradley at webmail.co.za (Jennifer Bradley) Subject: DCOM RPC exploit (dcom.c) I don't think you were reading the advisories properly... ;) MSDE (Microsoft SQL Server Desktop Edition) was vulnerable, which many products use, including Office, Visual Studio .NET, etc. Just to refresh your memory, here's a list of products that contain MSDE http://www.sqlsecurity.com/forum/applicationslistgridall.aspx So, it is not a corner-case at all, not even in the slightest bit. VPNs are common enough these days, so the chances of someone VPNing into a network with an infected or infectable computer is actually pretty high. In the same vein, it looks like if a worm is released, it will most probably be easily transferable into any corporate domain that has VPNs as well, since every un-patched Windows is vulnerable. jb On Sun, 27 Jul 2003 00:41:22 -0700 (PDT) Nathan Seven (scosol@...oo.com) wrote: >--- Paul Schmehl <pauls@...allas.edu> wrote: >> >> Are you really serious? Recall Slammer? There were >> networks that were >> locked down pretty tight. Slammer couldn't get in, >> right? Then one >> developer who got his unpatched copy of SQL inside >> the network, by >> logging in through VPN with his infected laptop, >> took the entire network >> down. > >Are *you* serious? > >Running MSSQL server on my laptop that I also use to >VPN in is IMO a pretty fucking corner-case... > >===== >-- >live- http://www.thedenofsin.org/ >to- AIM: IMFDUP >penetrate- http://eAnger.org/ >_may the bitches set you free_ >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________________________________ LOOK GOOD, FEEL GOOD - WWW.HEALTHIEST.CO.ZA Cool Connection, Cool Price, Internet Access for R59 monthly @ WebMail http://www.webmail.co.za/dialup/
Powered by blists - more mailing lists