Full Disclosure mailing list archives
RE: A few quick questions about the SQL Sapphire Worm
From: "Marc Maiffret" <marc () eeye com>
Date: Sat, 25 Jan 2003 09:34:47 -0800
1. Its not even bad enough that people are not firewalling... they are not patching. 2. Yes there are proof of concept exploits out there for the vulnerability that Sapphire uses. One of those was by lion () cnhonker net. You can check it out on: http://www.cnhonker.net/index.php http://www.cnhonker.net/Files/show.php?id=167 Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: full-disclosure-admin () lists netsys com | [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Richard M. | Smith | Sent: Saturday, January 25, 2003 8:51 AM | To: 'Full-Disclosure'; 'Richard M. Smith' | Subject: [Full-disclosure] A few quick questions about the SQL Sapphire | Worm | | | Hi, | | I have a few quick questions about this new SQL Sapphire worm: | | 1. The worm spreads via UDP port 1434. Shouldn't | all firewalls already be blocking this port? | | 2. Did anyone ever publish sample exploit code for the | MS02-039 security hole that the Sapphire worm uses? | If so, what's the URL for the sample code? | | Thanks, | Richard M. Smith | http://www.ComputerBytesMan.com | | _______________________________________________ | Full-Disclosure - We believe in it. | Charter: http://lists.netsys.com/full-disclosure-charter.html | _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SQL Sapphire Worm Analysis Marc Maiffret (Jan 25)
- A few quick questions about the SQL Sapphire Worm Richard M. Smith (Jan 25)
- RE: A few quick questions about the SQL Sapphire Worm Marc Maiffret (Jan 25)
- A few quick questions about the SQL Sapphire Worm Richard M. Smith (Jan 25)