Full Disclosure mailing list archives
Re: DCOM RPC exploit (dcom.c)
From: Robert Wesley McGrew <rwm8 () CSE MsState EDU>
Date: Mon, 28 Jul 2003 12:40:17 -0500 (CDT)
To answer my own question, I just noticed this on the metasploit site : "Update: A return address has been identified for both Windows 2000 and Windows XP that works independent of the service pack. This information can be easily obtained by analyzing the DLL's that are loaded by the svchost.exe process" On Mon, 28 Jul 2003, Robert Wesley McGrew wrote:
2) For this DCOM RPC problem in particular, everyone's talking about worms. How would the worm know what return address to use? Remote OS fingerprinting would mean it would be relatively large, slow, and unreliable (compared with Slammer), and sticking with one would cause more machines to just crash than to spread the worm. I haven't looked into this very closely yet to see if it can be generalized.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Nathan Seven (Jul 27)
- Re: DCOM RPC exploit (dcom.c) security snot (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Blue Boar (Jul 27)