| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Reda.Zitouni at vigilante.com (RĂ©da Zitouni) Subject: [inbox] Re: MS03-039 has been released (DoS) sploit ? Seems guys you are mistaking. Here is the NSfocus advisory. In fact they found (as the M$ advisory is not clear on the subject) the 2nd BoF(CAN-2003-0528 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0528> ) and not the DoS. The one you are talking of is an old (few weeks) vulnerability related to MS03-026 found by Ben Jurry. http://www.nsfocus.com/english/homepage/research/0306.htm Reda Zitouni Security Engineer VIGILANTe - France http://www.VIGILANTe.com <outbind://157/BLOCKED> _____ De : Exibar [mailto:exibar@...lair.com] Envoy? : jeudi 11 septembre 2003 01:58 ? : Elv1S; full-disclosure@...ts.netsys.com Sure looks that way, especially with the 7/21 datestamp for the directory and in the page name :-) It's *very* unlikely that we see a worm that acts on the DoS vuln, it's just too much work. The BoF's are the ones that has my attention and need to patch urgently. Exibar -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Elv1S Sent: Wednesday, September 10, 2003 6:49 PM To: full-disclosure@...ts.netsys.com Subject: [inbox] [Full-Disclosure] Re: MS03-039 has been released (DoS) sploit ? thinkin' that they talking about the xfocus sploit public since 07-21 ? for the DoS vuln MS03-032 true or not ? http://www.k-otik.com/exploits/07.21.win2kdos.c.php Mike Tancsa <mike@...tex.net> wrote: http://xforce.iss.net/xforce/alerts/id/152 says, "The new DoS vulnerability was disclosed by a hacking group in China on July 25, 2003, and functional exploit code is already in use on the Internet. " ---Mike At 01:41 PM 10/09/2003, Exibar wrote: >anyone know of a 'sploit for this one yet? Or even proof of concept code? > > >----- Original Message ----- >From: "Ryan, Pete" >To: >Sent: Wednesday, September 10, 2003 12:23 PM >Subject: [Full-Disclosure] MS03-039 has been released - critical > > > > > > >http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu rity/ > > bulletin/MS03-039.asp > > > > -Pete > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _____ Do you Yahoo!? Yahoo! SiteBuilder <http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com> - Free, easy-to-use web site design software -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030911/ae705a0e/attachment.html
Powered by blists - more mailing lists