Full Disclosure mailing list archives

Re: DCOM MS03-26/MS03-39 Scanners


From: Craig Pratt <craig () strong-box net>
Date: Thu, 11 Sep 2003 18:42:47 -0700

On Thursday, Sep 11, 2003, at 15:53 US/Pacific, Jerry Heidtke wrote:

> At about the time I sent the message below, ISS released an update to
> xfrpcss.exe which apparently resolves some or most of the accuracy
> problems. Of course, there's no notice of this on their web site, nor
> does the executable contain any kind of version identification.
>
> Don't get me wrong, I appreciate the efforts and generosity of the
> vendors making these tools freely available. But releasing scanning
> tools with major accuracy problems, followed by silent upgrades, really
> does little good to the people who are trying to use these tools to save
> their users, employers, and themselves.
>
> Jerry

Has anyone tried Nessus for this? I have it, but I don't have access to vulnerable machines. Well, I should say I don't have access to known-invulnerable machines - there are plenty of the vulnerable variety. ;^)

Nessus plugin 11835: Microsoft RPC Interface Buffer Overrun (KB824416)

 http://cgi.nessus.org/plugins/dump.php3?id=11835

Craig

---
Craig Pratt
Strongbox Network Services Inc.
mailto:craig AT strong-box.net


-----Original Message-----
From: Jerry Heidtke
Sent: Thursday, September 11, 2003 4:39 PM
To: Jones, David H; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Foundstone DCOM Scanner



Except it mistakenly identifies lots of patched systems as still
vulnerable.

I've tested five different free tools today. Here's a summary of my
results:

KB824146Scan.exe

Microsoft's scanner. Many errors and accuracy problems. Basically unusable.
Command line scanner with flexible input and output options, but can't
reliably identify Windows 9x systems, systems with DCOM disabled, or some
non-standard systems.

PTms03039.exe

GUI utility from Positive Technologies (http://www.ptsecurity.com).
Scans single addresses only, selectable target port.
Reliability unknown.

RetinaRPCDCOM.exe

GUI utility from Retina. Scans up to Class C.
Can save output as text or csv file.
Very accurate. Currently version 1.10.

xfrpcss.exe

Command line scanner from ISS. Can scan unlimited addresses, simple usable output.
Not very accurate. Identifies many patched systems as still vulnerable.

RPCScan2.exe

GUI utility from Foundstone. No limits of scan ranges, can read input file.
Can save output as text or csv file.
Not very accurate. Identifies many patched systems as still vulnerable,
especially NT.

I'm looking for something that I can scan almost a whole class B,
that is a scriptable command line scanner (STDIO) and that is accurate
enough to base decisions on about disconnecting unpatched workstations,
in order to try to protect some patient care devices that cannot legally
be patched but must (for now) remain on our production network.

I haven't seen anything yet that meets these simple requirements.

Jerry

-----Original Message-----
From: Jones, David H [mailto:Jones.David.H () principal com]
Sent: Thursday, September 11, 2003 2:45 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Foundstone DCOM Scanner


Foundstone has released version 2 of their free scanning tool.  IMHO,
this is the best, free tool I've found to scan a class b.

http://www.foundstone.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.
