Penetration Testing mailing list archives
Re: [PEN-TEST] RDS exploit simulation
From: Steve <steve () SECURESOLUTIONS ORG>
Date: Mon, 18 Sep 2000 13:28:56 -0600
Why not just head over to www.wiretrip.net/rfp and read the advisories on it? There should be two of them, the original and an updated one. Rain.Forrest.Puppy does an excellent job of explaining the vulnerability and his script. Yes, version 2.0 is also vulnerable. I have seen and tested boxes that are at IE5.0 and SP6a that are still vulnerable. Regards; Steve Manzuik Moderator - Win2K Security Advice Security Analyst - Bindview RAZOR http://razor.bindview.com -------------------------------------------
-----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Oliver Petruzel Sent: Monday, September 18, 2000 12:01 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] RDS exploit simulationThis is because you are using patched versions being >>distributed onnewerversions of the Option Pack and MCIS CD's.I actually have stayed away from ALL "option packs" on purpose for that reason. I have been using the NT 4.0 IIS base install and then up to and including Service Pack 4. Which is mdac 2.0. It was my understanding that 2.0 was still vuln. or is it not? right now, I'm unable to find an old enough option pack. The ones I have install mdac 2.1. Perhaps someone can better explain this vuln to me (and everyone else) since it is so common in the wild. Thanks. ./oliver ----------------------------------------------- FREE! The World's Best Email Address @email.com Reserve your name now at http://www.email.com
Current thread:
- [PEN-TEST] RDS exploit simulation Oliver Petruzel (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Mordechai Ovits (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Johan Persson (Sep 18)
- <Possible follow-ups>
- Re: [PEN-TEST] RDS exploit simulation Davidson,Sam (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Oliver Petruzel (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Oliver Petruzel (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Steve (Sep 19)