[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003201c377dc$b5cbab00$1214dd80@mpb2001>
From: exibar at thelair.com (Exibar)
Subject: MS03-039 has been released - critical
This has been confirmed, just in case anyone was still fuzzy on this.
"039 has 1 DoS and 2 (new) BOs. All of the info in 039 is "new" and
doesn't recycle 026 info. Though 039 also includes 026 fixes, of course.
Important point - the NEW (ms03-039) bulletin is all NEW info."
Exibar
----- Original Message -----
From: "Exibar" <exibar@...lair.com>
To: <full-disclosure@...ts.netsys.com>; "Mike Tancsa" <mike@...tex.net>
Sent: Wednesday, September 10, 2003 3:05 PM
Subject: Re: [Full-Disclosure] MS03-039 has been released - critical
> To add to my previous reply. The DoS is the only thing in MS03-039 that
is
> "old". The two buffer overflows are brand new and are not the same as
> MS03-026. These are the real dangers here, not that the DoS isn't
> dangerous, but the buffer overflows are the keys to the security alert.
>
> Does anyone know if there is a 'sploit for the buffer overflows in the
> wild?
>
> Exibar
>
>
> ----- Original Message -----
> From: "Mike Tancsa" <mike@...tex.net>
> To: "Exibar" <exibar@...lair.com>; <full-disclosure@...ts.netsys.com>
> Sent: Wednesday, September 10, 2003 2:54 PM
> Subject: Re: [Full-Disclosure] MS03-039 has been released - critical
>
>
> >
> > http://xforce.iss.net/xforce/alerts/id/152 says,
> >
> > "The new DoS vulnerability was disclosed by a hacking group in China on
> > July 25, 2003, and functional exploit code is already in use on the
> > Internet. "
> >
> > ---Mike
> >
> >
> > At 01:41 PM 10/09/2003, Exibar wrote:
> > >anyone know of a 'sploit for this one yet? Or even proof of concept
> code?
> > >
> > >
> > >----- Original Message -----
> > >From: "Ryan, Pete" <pete.ryan@...mson.com>
> > >To: <full-disclosure@...ts.netsys.com>
> > >Sent: Wednesday, September 10, 2003 12:23 PM
> > >Subject: [Full-Disclosure] MS03-039 has been released - critical
> > >
> > >
> > > >
> > > >
> >
>
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security
> /
> > > > bulletin/MS03-039.asp
> > > >
> > > > -Pete
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > >_______________________________________________
> > >Full-Disclosure - We believe in it.
> > >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists