lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <416D850F.1050304@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Possibly a stupid question RPC over HTTP

Daniel H. Renner wrote:

>Daniel,
>
>Could you please point out where you read this data?  I would like to
>see this one...
>  
>

I seem to remember that this was one of the caveats with regard to 
MSBlast and RPC/DCOM vulnerabilities last year.

In certain configurations, it was theoretically possible (I'd never 
personally seen any PoC code or worms that exploited it, though) that 
some RPC calls could be made via RPC over HTML.  According to the 
security bulletin for MS03-026, the service that provides RPC over HTML 
is COM Internet Services (CIS). 

 From what I recall, it was discussed at the time as a potential 
infection vector, though CIS is not installed by default on IIS 
installs.  There were, at the time, very few sites that utilized it.  
Feel free to correct me if I'm wrong, though.

Please see the MS03-026 bulletin for some more points:

        http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx

Go down to the "Frequently asked Questions" section, expand it, and look 
at the section that discusses CIS for more information.  I'm sure that 
this will give you enough information to do some more searching for 
further information on current versions of CIS and determining whether 
they're installed.

          -Barry



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ