Full Disclosure mailing list archives
DCOM RPC - DEVESTATING IN SCOPE
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 30 Jul 2003 01:15:30 -0700
i think the severity of the RPC exploit cannot be diminished.. this is the worst remote root compromise i have ever seen and i am literlaly screaming at everyone i know to patch ASAP. the thought of media attention sonded plausable.. this should be on the nightly news for the next 2 days minumum. The ease and swiftness of the exploit makes it second to none in the potential damage.. as you point out..
Then I ran the win32 binary I compiled from from the c code posted to
this list
against that list of ips. I assumed that most XP boxes would be SP1. I got 6 command prompts. I then ran the same binary looking for Xp with Sp0. I got 156 command prompts.
i too have experienced these percentages in a block of ip addresses .. "shocked and awed" Donnie Werner http://e2-labs.com http://exploitlabs.com PATCH FOR RPC NOW !!! buh bye _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) Preston Newton (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Kain (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Myers, Marvin (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Tom H (Jul 29)
- DCOM RPC - DEVESTATING IN SCOPE morning_wood (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Mortis (Jul 30)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)