Open Source and information security mailing list archives
Message-ID: <200307271640.h6RGe91A011117@mailgate.mailbox.co.za>
From: jenbradley at webmail.co.za (Jennifer Bradley)
Subject: DCOM RPC exploit  (dcom.c)

I don't think you were reading the advisories properly... ;)

MSDE (Microsoft SQL Server Desktop Edition) was vulnerable, which many
products use, including Office, Visual Studio .NET, etc.  Just to
refresh your memory, here's a list of products that contain MSDE:

http://www.sqlsecurity.com/forum/applicationslistgridall.aspx

So, it is not a corner-case at all, not even in the slightest bit.
VPNs are common enough these days, so the chances of someone VPNing
into a network with an infected or infectable computer are actually
pretty high.

In the same vein, it looks like if a worm is released, it will most
probably be easily transferable into any corporate domain that has
VPNs as well, since every un-patched Windows is vulnerable.

jb

On Sun, 27 Jul 2003 00:41:22 -0700 (PDT) Nathan Seven
(scosol@...oo.com) wrote:

>--- Paul Schmehl <pauls@...allas.edu> wrote:
>>
>> Are you really serious?  Recall Slammer?  There were
>> networks that were
>> locked down pretty tight.  Slammer couldn't get in,
>> right?  Then one
>> developer who got his unpatched copy of SQL inside
>> the network, by
>> logging in through VPN with his infected laptop,
>> took the entire network
>> down.
>
>Are *you* serious?
>
>Running MSSQL server on my laptop that I also use to
>VPN in is IMO a pretty fucking corner-case...
>
>=====
>--
>live- http://www.thedenofsin.org/
>to- AIM: IMFDUP
>penetrate- http://eAnger.org/
>_may the bitches set you free_
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
