From: dsoeder at eeye.com (Derek Soeder)
Subject: MS03-039 has been released - critical

This question also popped up on NTBugtraq and Marc answered it there.
Here's the archived message:

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0309&L=ntbugtraq&P=4387

To summarize, the new (824146) hotfix changes some behavior that causes
older versions of the check to fail (with false positives) in the majority
of scanning tools.  We updated Retina and the free scanning tool to properly
detect both vulnerabilities, so it sounds like you're running an older
version.  Please make sure to get the latest copy -- the About dialog should
say 1.1.0 or higher.

You can download the current version of the scanner here:

http://www.eeye.com/html/Research/Tools/RPCDCOM.html

I hate to come off as plugging  =I   but I hope this clears up the confusion
for everyone who missed the NTBugtraq post...

-- Derek


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of waces
> Sent: Wednesday, September 10, 2003 10:55 PM
> To: full-disclosure@...ts.netsys.com
> Subject: Re[2]: [Full-Disclosure] MS03-039 has been released - critical
>
>
> Dear Jared,
> Thursday, September 11, 2003, 12:53:12 AM, you wrote:
> BJ> The eeye tool does a better job at this than the current MS tool...
> BJ> ...
> That's quite strange for me. I ran all the patches on one of my
> servers. After it the Scan-tool from Microsoft said:
> x.x.x.x patched with KB924146 and KB923980
> And it's the correct answer.
> After it I tried DCOM scanning tool from eEye. And it said this
> computer is VULNERABLE.
> Why?
> Thanks
> --
> Wallner 'Waces' Tamas
> IT Administrator
> ScanSoft-Recognita Corp.
> Phone: +36-1-4128-729
> Mobile: +36-30-992-5191

