| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Oct 2003 22:08:53 +0400
From: "Alex" <pk95@...dex.ru>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>,
<NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Cc: <Secure@...rosoft.com>
Subject: Re: Bad news on RPC DCOM vulnerability
Exploit code can be found here:
http://www.securitylab.ru/40754.html
This code work with all security fixes. It's very dangerous.
----- Original Message -----
From: "3APA3A" <3APA3A@...URITY.NNOV.RU>
To: <bugtraq@...urityfocus.com>; <full-disclosure@...ts.netsys.com>;
<NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Cc: <Secure@...rosoft.com>
Sent: Friday, October 10, 2003 6:48 PM
Subject: Bad news on RPC DCOM vulnerability
> Dear bugtraq@...urityfocus.com,
>
> There are few bad news on RPC DCOM vulnerability:
>
> 1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
> again actual.
> 2. It was reported by exploit author (and confirmed), Windows XP SP1
> with all security fixes installed still vulnerable to variant of the
> same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
> exists, but code execution is probably possible. Technical details are
> sent to Microsoft, waiting for confirmation.
>
> Dear ISPs. Please instruct you customers to use personal fireWALL in
> Windows XP.
>
> --
> http://www.security.nnov.ru
> /\_/\
> { , . } |\
> +--oQQo->{ ^ }<-----+ \
> | ZARAZA U 3APA3A }
> +-------------o66o--+ /
> |/
> You know my name - look up my number (The Beatles)
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists