lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <004901c3541c$80ba8230$0100a8c0@cp30f99b0ae7a6>
From: cheekypeople at sec33.com (CHeeKY)
Subject: DCOM RPC exploit  (dcom.c)

> Paul, have you patched against this vunerability?
> if so then be cool, most holes work as people didnt follow or have  a
clear
> and present patching program,
> With regards to slammer, again it was successful due to, as you put it
rogue
> machines that werent patched, but that to me was a program that caused the
> issue, this is a standard port, on my firewall system port 135 isnt open,
on
> a VPN-ed laptop the patch has been released for folk, and laptop firewalls
> amended.
>
> Again we have issue of rogue machine, but thats what I have perimeter
> defenses for, NAT would effectively kill this exploit, same with sqlhack
of
> old, they maybe able to knock at the door, but they cant take the goods
back
> out the way they came...
>
> For the record we stopped slammer with a patch that we put on 6 months
> earlier, and thus everyone that had sql had already been patched through
> login script, others got the patch through our sms system as new released
> patches are tested and integrated as soon as available.
> I believe its about approach.
>
> Regards
>
>
> -------------------------------------------------------------------------
> FIGHT BACK AGAINST SPAM!
> Download Spam Inspector, the Award Winning Anti-Spam Filter
> http://mail.giantcompany.com
>
>
> ----- Original Message ----- 
> From: "Paul Schmehl" <pauls@...allas.edu>
> To: "Ron DuFresne" <dufresne@...ternet.com>
> Cc: "Chris Paget" <chrisp@...software.com>; "Len Rose" <len@...sys.com>;
> <full-disclosure@...ts.netsys.com>
> Sent: Sunday, July 27, 2003 5:20 AM
> Subject: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)
>
>
> > On Sat, 2003-07-26 at 22:29, Ron DuFresne wrote:
> > >
> > > I'm just trying to understand how corporate networks would/should be
at
> > > risk with this, why port 135 would not be filtered already limiting
> > > exposure.  Is there a reason why it would not be that I'm missing?
> >
> > Are you really serious?  Recall Slammer?  There were networks that were
> > locked down pretty tight.  Slammer couldn't get in, right?  Then one
> > developer who got his unpatched copy of SQL inside the network, by
> > logging in through VPN with his infected laptop, took the entire network
> > down.
> >
> > You can't get in to our network on those ports either - unless you're
> > already in.  But I can guarantee you that we'll be chasing infected
> > boxes down for days after the worm hits.  And we've already patched
> > everything that we could patch.  I scan for Slammer every week, because
> > every week someone new decides to install SQL unpatched or some stupid
> > app that has an unpatched copy of MSDE.  Now I'll be chasing the RPC
> > worm around too.
> >
> > You can't firewall 135 inside your network or you'd have no network.
> >
> > The only reason I read lists like this is because I need to know before
> > it hits what the next stupid exploit is that I have to deal with.  And
> > every one is a royal PITA.  I put virus and worm writers right there in
> > the same pile with spammers.  They're all the scum of the earth.  Clear
> > examples of the worst of human nature.
> >
> > -- 
> > Paul Schmehl (pauls@...allas.edu)
> > Adjunct Information Security Officer
> > The University of Texas at Dallas
> > AVIEN Founding Member
> > http://www.utdallas.edu/~pauls/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ