lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <69C3A9F2-E4C2-11D7-994A-0003939D0468@strong-box.net>
From: craig at strong-box.net (Craig Pratt)
Subject: DCOM MS03-26/MS03-39 Scanners

On Thursday, Sep 11, 2003, at 15:53 US/Pacific, Jerry Heidtke wrote:
>
> At about the time I sent the message below, ISS released an update to
> xfrpcss.exe which apparently resolves some or most of the accuracy
> problems. Of course, there's no notice of this on their web site, nor
> does the executable contain any kind of version identification.
>
> Don't get me wrong, I appreciate the efforts and generosity of the
> vendors making these tools freely available. But releasing scanning
> tools with major accuracy problems, followed by silent upgrades, really
> does little good to the people who are trying to use these tools to 
> save
> their users, employers, and themselves.
>
> Jerry

Has anyone tried Nessus for this? I have it, but I don't have access to 
vulnerable machines. Well, I should say I don't have access to 
known-invulnerable machines - there are plenty of the vulnerable 
variety. ;^)

Nessus plugin 11835: Microsoft RPC Interface Buffer Overrun (KB824416)

  http://cgi.nessus.org/plugins/dump.php3?id=11835

Craig

---
Craig Pratt
Strongbox Network Services Inc.
mailto:craig AT strong-box.net


> -----Original Message-----
> From: Jerry Heidtke
> Sent: Thursday, September 11, 2003 4:39 PM
> To: Jones, David H; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Foundstone DCOM Scanner
>
>
>
> Except it mistakenly identifies lots of patched systems as still
> vulnerable.
>
> I've tested five different free tools today. Here's a summary of my
> results:
>
> KB824146Scan.exe
>
> Microsoft's scanner. Many errors and accuracy problems. Basically
> unusable.
> Command line scanner with flexible input and output options, but can't
> reliably
> identify Windows 9x systems, systems with DCOM disabled, or some
> non-standard systems.
>
> PTms03039.exe
>
> GUI utility from Positive Technologies (http://www.ptsecurity.com).
> Scans single addresses only, selectable target port.
> Reliability unknown.
>
> RetinaRPCDCOM.exe
>
> GUI utility from Retina. Scans up to Class C.
> Can save output as text or csv file.
> Very accurate. Currently version 1.10.
>
> xfrpcss.exe
>
> Command line scanner from ISS. Can scan unlimited addresses, simple
> usable output.
> Not very accurate. Identifies many patched systems as still vulnerable.
>
> RPCScan2.exe
>
> GUI utility from Foundstone. No limits of scan ranges, can read input
> file.
> Can save output as text or csv file.
> Not very accurate. Identifies many patched systems as still vulnerable,
> especially NT.
>
> I'm looking for something that I can scan almost a whole class B,
> that is a scriptable command line scanner (STDIO) and that is accurate
> enough to base decisions on about disconnecting unpatched workstations,
> in order to try to protect some patient care devices that cannot 
> legally
> be patched but must (for now) remain on our production network.
>
> I haven't seen anything yet that meets these simple requirements.
>
> Jerry
>
> -----Original Message-----
> From: Jones, David H [mailto:Jones.David.H@...ncipal.com]
> Sent: Thursday, September 11, 2003 2:45 PM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Foundstone DCOM Scanner
>
>
> Foundstone has released version 2 of their free scanning tool.  IMHO,
> this is the best, free tool I've found to scan a class b.
>
> http://www.foundstone.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information.  Any unauthorized review, use,
> disclosure or distribution is prohibited.  If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information.  Any unauthorized review, use,
> disclosure or distribution is prohibited.  If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
This message checked for dangerous content by MailScanner on StrongBox.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ