Message-ID: <41B1FD84D49E05448A4233378E6BF47501F4A815@entmsgnt03.fm.frd.fmlh.edu>
From: jheidtke at fmlh.edu (Jerry Heidtke)
Subject: Immunity's paper?
Security Focus states there is exploit code in the wild for the object
activation overflow, but not for the long filename overflow.
It only takes one.
http://www.securityfocus.com/bid/8458/exploit/
Jerry
-----Original Message-----
From: Exibar [mailto:exibar@...lair.com]
Sent: Monday, September 15, 2003 1:00 PM
To: Jerry Heidtke; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Immunity's paper?
The Exploit that's in the wild right now is an exploit for the DoS. Very
doubtful that this gets turned into a worm. I'm worried about one of the
BoF vulnerabilities getting turned into an exploit. Haven't seen that yet
though...
Thanks everyone for getting me the links to those papers and DoS exploit
code too!
Exibar
----- Original Message -----
From: "Jerry Heidtke" <jheidtke@...h.edu>
To: "Exibar" <exibar@...lair.com>; <full-disclosure@...ts.netsys.com>
Sent: Monday, September 15, 2003 11:25 AM
Subject: RE: [Full-Disclosure] Immunity's paper?
>
> See http://www.immunitysec.com/papers/msrpcheap.pdf and
> http://www.immunitysec.com/papers/msrpcheap2.pdf.
>
> Exploit code for one of the vulnerabilities in RPCSS is "in the wild".
> No indications of a worm being released yet, but it's only a matter of
> time. If we had a pool going, I'd pick that square for tomorrow (9/16).
>
> Jerry
>
> -----Original Message-----
> From: Exibar [mailto:exibar@...lair.com]
> Sent: Monday, September 15, 2003 9:18 AM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Immunity's paper?
>
>
> Does anyone have this paper that the quoted Microsoft PSS advisory mentions
> or a link to it? I'd love to give it a read...
>
> thanks all!
> Exibar
>
> The PSS Security team is issuing this alert to advise customers that on
> Saturday 9/13/03 a research company called Immunity published a paper
> providing guidance on how to exploit the vulnerabilities patched by
> Microsoft Security Bulletin MS03-039. To date we've had no reports of actual
> exploit code being publicly available or being used actively in a worm or
> virus.
>
> Customers that have applied the patch as advised in Microsoft Security
> Bulletin MS03-039 are protected from exploit code developed using the
> guidance provided in this paper. Customers who have not deployed the patch
> or taken additional mitigating actions to protect their environment should
> be aware that the existence of sample code does make it easier for an active
> exploit to be developed. We are therefore strongly urging customers to
> immediately deploy the patch in their environments and take additional
> mitigation steps, as described in the bulletin, to protect themselves.
>
> Information on Microsoft Security Bulletin MS03-039 and its associated
> patch, mitigating factors and workarounds can be found here:
>
> http://www.microsoft.com/technet/security/bulletin/ms03-039.asp
>
> PSS Security Team
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message.