Full Disclosure mailing list archives
RE: Re[2]: MS03-039 has been released - critical
From: "Derek Soeder" <dsoeder () eeye com>
Date: Thu, 11 Sep 2003 00:06:12 -0700
This question also popped up on NTBugtraq and Marc answered it there. Here's the archived message: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0309&L=ntbugtraq&P=4 387 To summarize, the new (824146) hotfix changes some behavior that causes older versions of the check to fail (with false positives) in the majority of scanning tools. We updated Retina and the free scanning tool to properly detect both vulnerabilities, so it sounds like you're running an older version. Please make sure to get the latest copy -- the About dialog should say 1.1.0 or higher. You can download the current version of the scanner here: http://www.eeye.com/html/Research/Tools/RPCDCOM.html I hate to come off as plugging =I but I hope this clears up the confusion for everyone who missed the NTBugtraq post... -- Derek
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of waces Sent: Wednesday, September 10, 2003 10:55 PM To: full-disclosure () lists netsys com Subject: Re[2]: [Full-disclosure] MS03-039 has been released - critical Dear Jared, Thursday, September 11, 2003, 12:53:12 AM, you wrote: BJ> The eeye tool does a better job at this than the current MS tool... BJ> ... That's quite strange for me. I ran all the patches on one of my servers. After it the Scan-tool form microsoft said: x.x.x.x patched with KB924146 and KB923980 And it's the correct answare. After it I tried DCOM scanning tool from eEye. And it's said this computer is VURNELABLE. Why? Thanks -- Wallner 'Waces' Tamas IT Administrator ScanSoft-Recognita Corp. Phone: +36-1-4128-729 Mobile: +36-30-992-5191
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: MS03-039 has been released - critical, (continued)
- RE: MS03-039 has been released - critical Schmehl, Paul L (Sep 10)
- RE: MS03-039 has been released - critical Caggy, James (Sep 10)
- RE: MS03-039 has been released - critical Jeffrey . Stebelton (Sep 10)
- RE: MS03-039 has been released - critical Jones, David H (Sep 10)
- RE: MS03-039 has been released - critical Bobby, Paul (Sep 10)
- RE: MS03-039 DoS Exploit Elv1S (Sep 10)
- Re: MS03-039 has been released - critical Kurt Seifried (Sep 10)
- RE: MS03-039 has been released - critical LaRose, Dallas (Sep 10)
- RE: MS03-039 has been released - critical Bergeron, Jared (Sep 10)
- Re[2]: MS03-039 has been released - critical waces (Sep 10)
- RE: Re[2]: MS03-039 has been released - critical Derek Soeder (Sep 11)
- Re[4]: MS03-039 has been released - critical waces (Sep 11)
- Re[2]: MS03-039 has been released - critical waces (Sep 10)
- RE: MS03-039 has been released - critical Ryan, Pete (Sep 10)
- RE: MS03-039 has been released - critical Ryan, Pete (Sep 10)
- RE: MS03-039 has been released - critical Steven M. Christey (Sep 10)