Open Source and information security mailing list archives
 
Date: 10 Oct 2003 21:51:22 -0000
From: K-OTiK Security <Special-Alerts@...tik.com>
To: bugtraq@...urityfocus.com
Subject: Re: Bad news on RPC DCOM vulnerability


In-Reply-To: <1155962754.20031010184852@...URITY.NNOV.RU>


As confirmed by 3APA3A and security labs, it seems that the public exploit *works* even if the patch MS03-039 is *installed*.

This is a highly critical vulnerability - users MUST block vulnerable ports!

Regards.

K-OTik Staff /\\/ http://wwww.k-otik.com



>From: 3APA3A <3APA3A@...URITY.NNOV.RU>
>
>Dear bugtraq@...urityfocus.com,
>
>There are a few pieces of bad news on the RPC DCOM vulnerability:
>
>1. A universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
>again actual.
>2. It was reported by the exploit author (and confirmed) that Windows XP SP1
>with all security fixes installed is still vulnerable to a variant of the
>same bug. Windows 2000/2003 was not tested. For a while only a DoS exploit
>exists, but code execution is probably possible. Technical details are
>sent to Microsoft, waiting for confirmation.
>
>Dear ISPs. Please instruct your customers to use the personal fireWALL in
>Windows XP.

