Full Disclosure mailing list archives
RE: MS RPC remote exploit.
From: "Trey Mujakporue/UK/Tesco" <trey.mujakporue () uk tesco com>
Date: Fri, 10 Oct 2003 09:23:23 +0100
From my cursory look at the code,(/me is a C rookie) it seems that it
only affects w2k and winXP, does anyone know of any exploit that targets NT4??? Given that question, how hard would it be to code in NT4 functionality?? -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Peter Kruse Sent: 09 October 2003 14:27 To: 'Sudharsha Wijesinghe'; full-disclosure () lists netsys com Subject: SV: [Full-disclosure] MS RPC remote exploit. Hi, Systems already updated are not vulnerable to this exploit. The new code is simply improved and is now more "universal". It doesn´t make use of static addresses for jumps which makes the improved code much more dangerous since it will be effective on a large range of different vulnerable Microsoft Windows operativ systems. Kind regards // Med venlig hilsen Peter Kruse CSIS / Kruse Security ApS http://www.krusesecurity.dk - www.csis.dk
-----Oprindelig meddelelse----- Fra: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] På vegne af Sudharsha Wijesinghe Sendt: 9. oktober 2003 14:42 Til: full-disclosure () lists netsys com Emne: [Full-Disclosure] MS RPC remote exploit. According to MS there cant be any Remote exploit on MS RPC except for a DOS attack using 139/135/445. How ever the code is available for a shell code. has any one tried this exploit? Sudharsha _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -------------------Warning------------------------ This e-mail is from outside Tesco - check that it is genuine. Tesco may monitor and record all e-mails. ---- Disclaimer ---- This is a confidential email. Tesco may monitor and record all emails. The views expressed in this email are those of the sender and not Tesco. Tesco Stores Limited, Tesco House, Delamare Road, Cheshunt, Herts, EN8 9SL: company number 519500. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator?, (continued)
- Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator? opticfiber (Oct 09)
- Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator? Russell Fulton (Oct 09)
- Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator? Vladimir Parkhaev (Oct 09)
- Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator? Patrick Brauch (Oct 09)
- Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator? opticfiber (Oct 09)
- Re: MS RPC remote exploit. Kilian CAVALOTTI (Oct 09)
- RE: MS RPC remote exploit. Nathan (Oct 09)
- Re: MS RPC remote exploit. Stephen (Oct 09)
- RE: [inbox] Re: MS RPC remote exploit. Curt Purdy (Oct 09)
- SV: MS RPC remote exploit. Peter Kruse (Oct 09)
- Re: SV: MS RPC remote exploit. Telefónica Deutschland (Oct 09)
- RE: MS RPC remote exploit. Trey Mujakporue/UK/Tesco (Oct 10)