From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: win2kup2date.exe ?

Do you still have a copy of the file?  Have you sent it to the antivirus 
companies for analysis?

Can you repeat the experiment with a patched box and replicate the results?

If so, that could be bad.  It could just be a reworked exploit, though 
-- or perhaps there's a bug in the buffer overflow blocking code?

          -Barry


bashis wrote:

>Hi
>
>Anyone heard about a file called "win2kup2date.exe" ?
>(Google says nothing found..;)
>
>I did a controlled test with an XP Pro box w/o patches on Inet
>and this little thingy came on my testbox through some sort of RPC exploit,
>tftp'ed down this file from the connecting machine, started with SYSTEM,
>and tries to connect up to IRC.
>
>McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find
>anything strange with this file..
>
>That was actually my test, v8.0 of McAfee virusscan has a feature of
>"buffer overflow protection", it stopped the well-known public RPC/DCOM
>exploit, but not the exploit that put "win2kup2date.exe" on my testbox.
>
>Well, so much for the new "buffer overflow protection" feature.. crap.. ;)
>
>Have a nice day
>/bashis
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html