Full Disclosure mailing list archives

RE: MS03-039 has been released - critical

From: "Marc Maiffret" <marc () eeye com>
Date: Wed, 10 Sep 2003 15:25:55 -0700

Hi,

Just to cut off any stupid debate, that I promise anyone stepping to will
lose... ;-) Giving details of where a flaw is does not make exploits/worms
happen any more often. The "bad guys" do not need details in order to write
exploits and worms. That is apparent when you look at the first RPC flaw and
how NO details were released yet an exploit and worm were. However, with
details, we can all audit our networks for the flaws, to know systems we
need to fix, and setup IDS/IPS systems to monitor for attackers, whereas we
couldn't without details. Also, we can check to make sure vendors did not
(yet again) screw up and release a patch that does not truly fix a system.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: full-disclosure-admin () lists netsys com
| [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Peter Kruse
| Sent: Wednesday, September 10, 2003 2:20 PM
| To: 'Mike Tancsa'; 'Exibar'; full-disclosure () lists netsys com
| Subject: SV: [Full-disclosure] MS03-039 has been released - critical
|
|
| Hi,
|
| > "The new DoS vulnerability was disclosed by a hacking group
| > in China on July 25, 2003, and functional exploit code is
| > already in use on the Internet. "
|
| This is well known. However it´s not the BoF exploit.
|
| Yet again, the detailed advisory from Eeye makes it fairly easy to write
| a working exploit. Although I haven´t seen a PoC yet I would expect it
| to be release shortly. It´s a bit harder to exploit than the previous
| RPC Dcom weakness but it´s certainly possible.
|
| Please note that Eeye has already released an update for Retina Security
| Scanner and I suppose every script kid, cracker or hacker should be able
| to sniff to code from Retina going to a remote vulnerable host. You
| think? CHAM, yeah?
|
| I suggest we update RPC - again.
|
| Med venlig hilsen // Kind regards
|
| Peter Kruse
| Kruse Security
| http://www.krusesecurity.dk
|
|
| _______________________________________________
| Full-Disclosure - We believe in it.
| Charter: http://lists.netsys.com/full-disclosure-charter.html
|

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MS03-039 has been released - critical Ryan, Pete (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
  - Re: MS03-039 has been released - critical Mike Tancsa (Sep 10)
    - Re: MS03-039 has been released - critical Exibar (Sep 10)
    - Re: MS03-039 has been released - critical Exibar (Sep 10)
    - Re: MS03-039 has been released - critical Exibar (Sep 10)
    - SV: MS03-039 has been released - critical Peter Kruse (Sep 10)
    - RE: MS03-039 has been released - critical Marc Maiffret (Sep 10)
    - RE: [inbox] RE: MS03-039 has been released - critical Exibar (Sep 10)
    - RE: [inbox] RE: MS03-039 has been released - critical Jade E. Deane (Sep 10)
    - The role of explicit advisories (was: MS03-039 has been released - critical) l8km7gr02 (Sep 11)
    - Re: MS03-039 has been released (DoS) sploit ? Elv1S (Sep 10)
    - Re: Re: MS03-039 has been released (DoS) sploit ? Yannick Van Osselaer (Sep 10)
    - RE: [inbox] Re: MS03-039 has been released (DoS) sploit ? Exibar (Sep 10)
  - Re: MS03-039 has been released - critical Jordan Wiens (Sep 10)
  - Re: MS03-039 has been released - critical Maarten (Sep 10)
- <Possible follow-ups>
- RE: MS03-039 has been released - critical Robert Ahnemann (Sep 10)
  - RE: MS03-039 has been released - critical Anthony Aykut (Sep 10)

(Thread continues...)