| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jul 2003 12:45:51 -0700 From: "Thor Larholm" <thor@...x.com> To: <rohaikaz@...OO.COM> Subject: RE: RPC DCOM still vulnerable even after applying patches Positively confirmed on patched Windows 2000 SP4 - did not reproduce on patched XP Home. Drag/Drop and other COM functions stop working, after a very visible svchost.exe crash. The hdmore loopback exploit is more friendly - it gave a nice DoS on all RPC/COM services (no drag/drop) without crashing svchost. Of course, this is only with the new return addresses that are not tied to any specific servicepack.. Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher -----Original Message----- From: khan rohail [mailto:rohaikaz@...OO.COM] Sent: Monday, July 28, 2003 8:34 AM Subject: RPC DCOM still vulnerable even after applying patches This is in reference to exploit code available here: http://www.securiteam.com/exploits/5CP0N0KAKK.html ....... We (Douglas Mclean/and I) have checked it against windows 200 SP4 machines that "even if you apply the patch kb823980", you can get DOS attacks as tcp port 135 service (loc-srv)gets crashed and we get this error on the box against which the exploit is being run: "SVCHOST.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created". You are not able to access Event log either and other funny things are detected too. -------- So, even if you apply the patch MS03-026 you still are vulnerable and you can still get DOS attacks. Regards Shoaib Qazi/Douglas McClean UAB
Powered by blists - more mailing lists