lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: cscott at fluidsmgmt.com (Chris Scott)
Subject: LSASS exploit win32 binary

Does anyone have snort sigs or any means of defending against the worms that
are exploiting this? Several acquaintances of mine which work for edu's are
reporting their networks being affected by this in a big way. They have 2k
machines which apparently broke when applied with the MS04-011 patch.

Am I correct in saying that LSASS cannot be disabled completely because the
Security Accounts Manager service which uses LSASS is required for normal
operation of Windows?

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
bosborne@...tex.com.au
Sent: Tuesday, April 27, 2004 10:36 PM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] LSASS exploit win32 binary

for those who are testing... a "shutdown -a" will stop it shutting down
although a manual shutdown after that displays a "You do not have
permission to shut down this computer."

tested it on 3 xp boxes without appropriate patch, all crashed.



|---------+-------------------------------------->
|         |           "Chris Scott"              |
|         |           <cscott@...idsmgmt.com>    |
|         |           Sent by:                   |
|         |           full-disclosure-admin@...ts|
|         |           .netsys.com                |
|         |                                      |
|         |                                      |
|         |           28/04/2004 01:00 PM        |
|         |                                      |
|---------+-------------------------------------->
 
>---------------------------------------------------------------------------
-----------------------------------|
  |
|
  |        To:      <Q.Long@...y.ac.uk>, <full-disclosure@...ts.netsys.com>
|
  |        cc:
|
  |        Subject: RE: [Full-Disclosure] LSASS exploit win32 binary
|
 
>---------------------------------------------------------------------------
-----------------------------------|





Tested against Windows XP Pro without the appropriate patch, it crashes the
service and initiates a shutdown timer.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
Q.Long@...y.ac.uk
Sent: Tuesday, April 27, 2004 6:24 PM
Subject: [Full-Disclosure] LSASS exploit win32 binary

hi kids.
here's the compiled version of LSASS exploit from k-otik ...
http://users.volja.net/exceed/RLsasrv.zip

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists