Message-ID: <200405032359.i43NxO908477@netsys.com>
From: randallm at fidmail.com (RandallM)
Subject: RE: Full-Disclosure digest, new LSASS - Javier
Javier,
Boy, are you hitting the head on the nail. There I was getting ready to patch
all the machines I could that day (I had posted here about getting help in
that direction "a man's gotta patch") and while I had a CD in my hand
getting ready to insert it, up popped the "LSASS Vulnerability" error and
"restart in 60 seconds"! Well, I shut it down, booted with no network and
patched and everything came out OK. Whew!
<|>--__--__--
<|>
<|>Message: 4
<|>Date: Mon, 03 May 2004 10:45:35 +0200
<|>From: Javier Fernandez-Sanguino <jfernandez@...minus.com>
<|>Organization: Germinus
<|>To: Ben Ryan <ben@...c.edu.au>
<|>CC: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM, bugtraq@...urityfocus.com,
<|> full-disclosure@...ts.netsys.com
<|>Subject: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser)
<|>
<|>Ben Ryan wrote:
<|>
<|>> As expected, LSASS exploit-based worm seems to have arrived. Fasten your
<|>> seatbelts, those unpatched please use the spew bags provided :)
<|>> I hope PSS resolves the issues discussed in KB835732.
<|>
<|>What's more disturbing is that this worm has established a new record
<|>for Microsoft worms [1]. Blaster was the fastest worm (25 days since
<|>the patch was published to the worm), this one has been even faster
<|>(17 days for the first variant since the patch was published to the
<|>worm). Of course, I'm not considering the fact that this issue was
<|>known, at least to eEye and Microsoft, for over 5 months.
<|>
<|>Regards
<|>
<|>Javier
<|>
<|>[1] Approaching the record of worms in other OS, which, I believe, is
<|>held by Scalper (10 days from patch to worm). But hey, they could
<|>browse the source changes for that one.
<|>
<|>
<|>--__--__--
<|>