lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Allchin bug p-o-c. 

----- Original Message -----
From: <Andrew.Berges@...restre.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, October 07, 2003 6:28 PM
Subject: RE: [Full-Disclosure] Allchin bug p-o-c.


>So how large of an impact are we looking at here for the average networked
>environment?  I don't see this service running on any of our servers here,
>although the exe is most definitely there ... is this a subprocess that 
>gets
>spawned as necessary to allow applications to communicate with the OS?
>
>Pardon my ignorance.
>
>Regards,
>
>Andrew Berges - Associate Manager, Systems
>Everest Global Services

  To be honest, I don't think it's a very serious issue.  MSMQ isn't 
terribly widely deployed, the bug has already been fixed for at least one 
SP, and it seems easy to filter at the border.  AFAIR MSMQ isn't installed 
by default on w2k, not even server versions, so it's something that only 
people who have deliberately configured it into their systems will have 
running.

      DaveK

_________________________________________________________________
Tired of 56k? Get a FREE BT Broadband connection 
http://www.msn.co.uk/specials/btbroadband

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ