Full Disclosure mailing list archives

DCOM RPC - DEVESTATING IN SCOPE

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 30 Jul 2003 01:15:30 -0700

 i think the severity of the RPC exploit cannot be diminished.. this is the
worst remote root compromise i have ever seen and i am literlaly screaming
at everyone i know to patch ASAP. the thought of media attention sonded
plausable.. this should be on the nightly news for the next 2 days minumum.
The ease and swiftness of the exploit makes it second to none in the
potential damage.. as you point out..

Then I ran the win32 binary I compiled from from the c code posted to

this list

against that list of ips.
I assumed that most XP boxes would be SP1.
I got 6 command prompts.
I then ran the same binary looking for Xp with Sp0.
I got 156 command prompts.


i too have experienced these percentages in a block of ip addresses ..
"shocked and awed"

Donnie Werner
http://e2-labs.com
http://exploitlabs.com

PATCH FOR RPC NOW !!!

buh bye
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: DCOM RPC exploit (dcom.c), (continued)
- - - Re: DCOM RPC exploit (dcom.c) Preston Newton (Jul 30)
  - RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
  - Re: DCOM RPC exploit (dcom.c) Kain (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Myers, Marvin (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
  - SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)
    - Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 29)
    - RE: DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
    - RE: DCOM RPC exploit (dcom.c) Tom H (Jul 29)
    - DCOM RPC - DEVESTATING IN SCOPE morning_wood (Jul 30)
    - RE: DCOM RPC exploit (dcom.c) Mortis (Jul 30)
  - RE: DCOM RPC exploit (dcom.c) Chris Anley (Jul 30)