Full Disclosure mailing list archives
Re: DCOM Exploit MS03-026 attack vectors
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 Aug 2003 22:44:07 +1200
"Paul Tinsley" <pdt () jackhammer org> wrote:
Microsoft owns up to the exploit being usable on 135, 139 and 445, I have heard rumors of port 80 being vulnerable as well. ...
Brad Bemis is right -- other ports (and not just port 80) associated with IIS _if_ COM Internet Services is enabled are also exploitable.
... I was curious as to whether anyone had seen anything using a port other than 135? ...
Look for messages by Todd Sabin in Bugtraq and/or NTBugtraq and/or VulnWatch and/or Full-Disclosure for more details.
... Everything I have seen discussed here and elsewhere has been 135 specific.
Well, it is the most widely supported default interface that is vulnerable. It would be a very unusual machine that is vulnerable on some other port and _NOT_ on 135, so what is the payoff for writing an exploit (at least a "prrof of concept") that tries other ports? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM Exploit MS03-026 attack vectors Paul Tinsley (Jul 31)
- Re: DCOM Exploit MS03-026 attack vectors Nick FitzGerald (Aug 01)
- <Possible follow-ups>
- RE: DCOM Exploit MS03-026 attack vectors Brad Bemis (Jul 31)
- RE: DCOM Exploit MS03-026 attack vectors Paul Tinsley (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Jasper Blackwell (Jul 31)
- Re: RE: DCOM Exploit MS03-026 attack vectors Richard Spiers (Aug 01)
- Re: RE: DCOM Exploit MS03-026 attack vectors Geoincidents (Aug 02)
- Re: RE: DCOM Exploit MS03-026 attack vectors Richard Spiers (Aug 01)
- RE: RE: DCOM Exploit MS03-026 attack vectors Parker, Jeff (MSE) (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Bassett, Mark (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Bryan K. Watson (Aug 01)
- Re: DCOM Exploit MS03-026 attack vectors Jeremiah Cornelius (Aug 01)
- Re: DCOM Exploit MS03-026 attack vectors Ron DuFresne (Aug 02)
- RE: DCOM Exploit MS03-026 attack vectors Bryan K. Watson (Aug 01)