Full Disclosure mailing list archives
SV: MS03-039 has been released - critical
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 10 Sep 2003 23:20:20 +0200
Hi,
"The new DoS vulnerability was disclosed by a hacking group in China on July 25, 2003, and functional exploit code is already in use on the Internet. "
This is well known. However it´s not the BoF exploit. Yet again, the detailed advisory from Eeye makes it fairly easy to write a working exploit. Although I haven´t seen a PoC yet I would expect it to be release shortly. It´s a bit harder to exploit than the previous RPC Dcom weakness but it´s certainly possible. Please note that Eeye has already released an update for Retina Security Scanner and I suppose every script kid, cracker or hacker should be able to sniff to code from Retina going to a remote vulnerable host. You think? CHAM, yeah? I suggest we update RPC - again. Med venlig hilsen // Kind regards Peter Kruse Kruse Security http://www.krusesecurity.dk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MS03-039 has been released - critical Ryan, Pete (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released - critical Mike Tancsa (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- SV: MS03-039 has been released - critical Peter Kruse (Sep 10)
- RE: MS03-039 has been released - critical Marc Maiffret (Sep 10)
- RE: [inbox] RE: MS03-039 has been released - critical Exibar (Sep 10)
- RE: [inbox] RE: MS03-039 has been released - critical Jade E. Deane (Sep 10)
- Re: MS03-039 has been released - critical Mike Tancsa (Sep 10)
- The role of explicit advisories (was: MS03-039 has been released - critical) l8km7gr02 (Sep 11)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- Re: MS03-039 has been released (DoS) sploit ? Elv1S (Sep 10)
- Re: Re: MS03-039 has been released (DoS) sploit ? Yannick Van Osselaer (Sep 10)
- RE: [inbox] Re: MS03-039 has been released (DoS) sploit ? Exibar (Sep 10)
- <Possible follow-ups>
- RE: MS03-039 has been released - critical Robert Ahnemann (Sep 10)