lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4168A0588F90914893B46F43DDC3415936F363@tls-exchange.internal.vigilante.com>
From: Reda.Zitouni at vigilante.com (RĂ©da Zitouni)
Subject: [inbox] Re: MS03-039 has been released (DoS) sploit ?

Seems guys you are mistaking. Here is the NSfocus advisory. In fact they
found (as the M$ advisory is not clear on the subject) the 2nd
BoF(CAN-2003-0528
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0528> )  and
not the DoS. The one you are talking of is an old (few weeks)
vulnerability related to MS03-026 found by Ben Jurry.
 
http://www.nsfocus.com/english/homepage/research/0306.htm
 

Reda Zitouni

Security Engineer

VIGILANTe - France

http://www.VIGILANTe.com <outbind://157/BLOCKED> 

 



  _____  

De : Exibar [mailto:exibar@...lair.com] 
Envoy? : jeudi 11 septembre 2003 01:58
? : Elv1S; full-disclosure@...ts.netsys.com


Sure looks that way, especially with the 7/21 datestamp for the
directory and in the page name :-)
 
  It's *very* unlikely that we see a worm that acts on the DoS vuln,
it's just too much work.  The BoF's are the ones that has my attention
and need to patch urgently.
 
  Exibar

	-----Original Message-----
	From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Elv1S
	Sent: Wednesday, September 10, 2003 6:49 PM
	To: full-disclosure@...ts.netsys.com
	Subject: [inbox] [Full-Disclosure] Re: MS03-039 has been
released (DoS) sploit ?
	
	
	thinkin' that they talking about the xfocus sploit public since
07-21 ? for the DoS vuln MS03-032
	 
	true or not ?
	 
	http://www.k-otik.com/exploits/07.21.win2kdos.c.php


	Mike Tancsa <mike@...tex.net> wrote:


		http://xforce.iss.net/xforce/alerts/id/152 says,
		
		"The new DoS vulnerability was disclosed by a hacking
group in China on
		July 25, 2003, and functional exploit code is already in
use on the
		Internet. "
		
		---Mike
		
		
		At 01:41 PM 10/09/2003, Exibar wrote:
		>anyone know of a 'sploit for this one yet? Or even
proof of concept code?
		>
		>
		>----- Original Message -----
		>From: "Ryan, Pete" 
		>To: 
		>Sent: Wednesday, September 10, 2003 12:23 PM
		>Subject: [Full-Disclosure] MS03-039 has been released -
critical
		>
		>
		> >
		> >
	
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
rity/
		> > bulletin/MS03-039.asp
		> >
		> > -Pete
		> >
		> > _______________________________________________
		> > Full-Disclosure - We believe in it.
		> > Charter:
http://lists.netsys.com/full-disclosure-charter.html
		>
		>_______________________________________________
		>Full-Disclosure - We believe in it.
		>Charter:
http://lists.netsys.com/full-disclosure-charter.html
		
		_______________________________________________
		Full-Disclosure - We believe in it.
		Charter:
http://lists.netsys.com/full-disclosure-charter.html

	
  _____  

	Do you Yahoo!?
	Yahoo! SiteBuilder
<http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com>  -
Free, easy-to-use web site design software

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030911/ae705a0e/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ