lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: jackhammer at gmail.com (Paul Tinsley)
Subject: LSASS exploit win32 binary

look through the snort mailing lists or through the cvs rules, both
have rules for the lsass exploit.

On Wed, 28 Apr 2004 23:22:09 -0500, Chris Scott <cscott@...idsmgmt.com> wrote:
> 
> Does anyone have snort sigs or any means of defending against the worms that
> are exploiting this? Several acquaintances of mine which work for edu's are
> reporting their networks being affected by this in a big way. They have 2k
> machines which apparently broke when applied with the MS04-011 patch.
> 
> Am I correct in saying that LSASS cannot be disabled completely because the
> Security Accounts Manager service which uses LSASS is required for normal
> operation of Windows?
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> bosborne@...tex.com.au
> Sent: Tuesday, April 27, 2004 10:36 PM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] LSASS exploit win32 binary
> 
> for those who are testing... a "shutdown -a" will stop it shutting down
> although a manual shutdown after that displays a "You do not have
> permission to shut down this computer."
> 
> tested it on 3 xp boxes without appropriate patch, all crashed.
> 
> |---------+-------------------------------------->
> |         |           "Chris Scott"              |
> |         |           <cscott@...idsmgmt.com>    |
> |         |           Sent by:                   |
> |         |           full-disclosure-admin@...ts|
> |         |           .netsys.com                |
> |         |                                      |
> |         |                                      |
> |         |           28/04/2004 01:00 PM        |
> |         |                                      |
> |---------+-------------------------------------->
> 
> >---------------------------------------------------------------------------
> -----------------------------------|
>   |
> |
>   |        To:      <Q.Long@...y.ac.uk>, <full-disclosure@...ts.netsys.com>
> |
>   |        cc:
> |
>   |        Subject: RE: [Full-Disclosure] LSASS exploit win32 binary
> |
> 
> >---------------------------------------------------------------------------
> -----------------------------------|
> 
> Tested against Windows XP Pro without the appropriate patch, it crashes the
> service and initiates a shutdown timer.
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Q.Long@...y.ac.uk
> Sent: Tuesday, April 27, 2004 6:24 PM
> Subject: [Full-Disclosure] LSASS exploit win32 binary
> 
> hi kids.
> here's the compiled version of LSASS exploit from k-otik ...
> http://users.volja.net/exceed/RLsasrv.zip
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists