lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4238AE79.3000101@immunitysec.com>
Date: Wed, 16 Mar 2005 17:08:57 -0500
From: Dave Aitel <dave@...unitysec.com>
To: bugtraq@...urityfocus.com
Subject: LLSSRV Clarifications <Immunity>


Immunity is happy to announce the release from VSC of a new paper to our 
public website regarding the technical details of the llssrv 
vulnerability Microsoft released on February 8th, 2005. Along with this 
paper, we've released a reliable, language-independant exploit to the 
CANVAS distribution.

As stated in MS05-010, LLSSRV is not remotely exploitable on Windows 
2000 Server SP3 and 4 without authentication. However, it is remotely 
exploitable in Windows 2000 Advanced Server SP 3 and 4 without 
authentication. This information, missing from MS05-010, is a perfect 
example as to why fully independant third party security information and 
exploit code provide a key link in an organization's ability to 
understand and evaluate the risk posted by vulnerabilities.

Further details, vulnerability release scheduling, and other information 
are available here:
http://www.immunitysec.com/resources-advisories.shtml

Thanks,
Dave Aitel
Immunity, Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ