lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000501c36082$f99e9340$0b01a8c0@nerv.local>
From: gbunch at gmx.net (Gerald Cody Bunch)
Subject: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)

For the benefit of the list, and at the risk of being repetitive.

<snip>
For one, Windows 2000 is the only platform the worm is spreading to,
</snip>

That's not quite true.
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pd
f

According to Symantec you have about an 80/20% (xp/2k) chance that
offset will be used.
Though, you are right in pointing out that Server 2k3 is vulnerable as
well.

 Thanks,

 Gerald Cody Bunch
 gbunch@....net


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Matthew
Murphy
Sent: Monday, August 11, 2003 10:04 PM
To: Full Disclosure
Subject: Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM
Worm Propagation (fwd)


> I don't know if this covers what's already been said about DCOM 
> worms...
>
[snip]
> > Impact:
> >
> > Any vulnerable desktop or server connected to the Internet may be 
> > vulnerable to attack. All Windows 2000, Windows XP and Windows NT 
> > 4.0 computers that have not been patched are vulnerable to attack 
> > from the automated worm, or manual attack. X-Force believes that 
> > hundreds of thousands of computers may still be vulnerable. 
> > Unsuccessful propagation attempts may crash vulnerable computers, or

> > render them unstable. Successful worm outbreaks have been known to 
> > cause significant localized network latency, and widespread denial 
> > of service.
[snip]

This is not accurate.  For one, Windows 2000 is the only platform the
worm is spreading to, and for two, Windows Server 2003 is also impacted.
As it is no longer a trial OS, I would have expected to see it in ISS'
listing as well.  Minor, but worth noting, no less.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ