Dailydave mailing list archives

Re: MSRPC vulnerability 1 billion and six?

From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Thu, 17 Nov 2005 13:14:50 -0600

No mitigation on SP2, you can trigger this through an anonymous connection 
to the \Browser pipe (SRVSVC RPC interface). Trying to find my code for 
this, its been a while...


On Thursday 17 November 2005 13:32, Blue Boar wrote:

Dave Aitel wrote:

I have to assume its just "connect to a service, send it a lot of
data". I don't see why that wouldn't work against SP2. You can
connect to services and send lots of data on SP2 as well.


Hm?  The mitigation is that you can't connect to RPC on XP SP2 without
authenticating, isn't it?  You can connect, you just have to
authenticate first.

                                      BB

Current thread:

Re: MSRPC vulnerability 1 billion and six?, (continued)
- - - Re: MSRPC vulnerability 1 billion and six? Alexander Sotirov (Nov 17)
    - Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
    - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? halvar (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Thomas Lakofski (Nov 20)
- Re: MSRPC vulnerability 1 billion and six? Blue Boar (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)