Full Disclosure mailing list archives
Re: MS03-039 has been released - critical
From: "Exibar" <exibar () thelair com>
Date: Wed, 10 Sep 2003 16:47:11 -0400
This has been confirmed, just in case anyone was still fuzzy on this. "039 has 1 DoS and 2 (new) BOs. All of the info in 039 is "new" and doesn't recycle 026 info. Though 039 also includes 026 fixes, of course. Important point - the NEW (ms03-039) bulletin is all NEW info." Exibar ----- Original Message ----- From: "Exibar" <exibar () thelair com> To: <full-disclosure () lists netsys com>; "Mike Tancsa" <mike () sentex net> Sent: Wednesday, September 10, 2003 3:05 PM Subject: Re: [Full-disclosure] MS03-039 has been released - critical
To add to my previous reply. The DoS is the only thing in MS03-039 that
is
"old". The two buffer overflows are brand new and are not the same as MS03-026. These are the real dangers here, not that the DoS isn't dangerous, but the buffer overflows are the keys to the security alert. Does anyone know if there is a 'sploit for the buffer overflows in the wild? Exibar ----- Original Message ----- From: "Mike Tancsa" <mike () sentex net> To: "Exibar" <exibar () thelair com>; <full-disclosure () lists netsys com> Sent: Wednesday, September 10, 2003 2:54 PM Subject: Re: [Full-disclosure] MS03-039 has been released - criticalhttp://xforce.iss.net/xforce/alerts/id/152 says, "The new DoS vulnerability was disclosed by a hacking group in China on July 25, 2003, and functional exploit code is already in use on the Internet. " ---Mike At 01:41 PM 10/09/2003, Exibar wrote:anyone know of a 'sploit for this one yet? Or even proof of conceptcode?----- Original Message ----- From: "Ryan, Pete" <pete.ryan () thomson com> To: <full-disclosure () lists netsys com> Sent: Wednesday, September 10, 2003 12:23 PM Subject: [Full-disclosure] MS03-039 has been released - criticalhttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security /bulletin/MS03-039.asp -Pete _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MS03-039 has been released - critical Ryan, Pete (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released - critical Mike Tancsa (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- SV: MS03-039 has been released - critical Peter Kruse (Sep 10)
- RE: MS03-039 has been released - critical Marc Maiffret (Sep 10)
- RE: [inbox] RE: MS03-039 has been released - critical Exibar (Sep 10)
- RE: [inbox] RE: MS03-039 has been released - critical Jade E. Deane (Sep 10)
- Re: MS03-039 has been released - critical Mike Tancsa (Sep 10)
- The role of explicit advisories (was: MS03-039 has been released - critical) l8km7gr02 (Sep 11)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released (DoS) sploit ? Elv1S (Sep 10)
- Re: Re: MS03-039 has been released (DoS) sploit ? Yannick Van Osselaer (Sep 10)
- RE: [inbox] Re: MS03-039 has been released (DoS) sploit ? Exibar (Sep 10)