Message-ID: <200309110011.h8B0B5Mi022398@linus.mitre.org>
From: coley at mitre.org (Steven M. Christey)
Subject: MS03-039 has been released - critical

>According to ISS, http://xforce.iss.net/xforce/alerts/id/152, they
>claim that functional exploit code is already in use on the Internet.

I don't think the advisory claims that.  The "functional exploit code"
they describe is for the null-pointer Denial of Service vulnerability
that was reported by Xfocus in July, which does appear to be in active
use (the CVE ID is CAN-2003-0605).

That null-pointer bug was not fixed by the "old" Microsoft bulletin
(MS03-026), but it is fixed in the new bulletin (MS03-039).

The ISS advisory only says that there is "significant potential" for a
worm that takes advantage of the new vulnerabilities.

>anyone know of a 'sploit for this one yet?  Or even proof of concept
>code?

Note: there are 2 distinct overflows, as reported by Microsoft.

A Nessus plugin has been developed for one of the new overflows, as
posted to this list.

Whether it is the same overflow as the one described by eEye, I'm not
sure (someone who knows DCOM at the packet level might be able to
tell, though).

Whether the overflow found by NSFOCUS is the same as the overflow
found by eEye, I'm not sure (NSFOCUS has not published their advisory
yet, and the Microsoft bulletin is unclear as to which researchers
found which overflows).

- Steve

