lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004501c360ec$143f31a0$0c351c41@basement>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: MSblast worm

----- Original Message -----
From: "Johan Denoyer" <jdenoy@...ital-connexion.info>
To: "Jasper Blackwell" <jasper599@...mail.com>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, August 12, 2003 6:09 AM
Subject: Re: [Full-Disclosure] MSblast worm


> worms affects :
>
> Microsoft Windows NT 4.0
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003

WRONG!  The RPC vulnerability affects all of these systems, but the worm
does not successfully spread to Windows NT or to Windows Server 2003
machines.  Further analysis shows my initial conclusion to be wrong, as many
stated here: Windows 2000 *and* Windows XP are impacted.

The reason this doesn't spread to NT/Windows Server machines is because the
two return addresses used are specific to Windows XP/2000.  The exploit is a
straight rip out of dcom.c, right down to the 4444/tcp shell.

> Salutations,
>
> Johan Denoyer
> jdenoy@...ital-connexion.info
> Digital Connexion
> http://www.digital-connexion.info
>
> Jasper Blackwell a dit&#160;:
> > Hi All,
> >
> > Does anyone know if this MSblast worm affects Win NT machines, or is it
> > just
> > infecting 2000 and XP.
> >
> > Thanks
> >
> > Jasp
> >
> > _________________________________________________________________
> > Sign-up for a FREE BT Broadband connection today!
> > http://www.msn.co.uk/specials/btbroadband
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ