Penetration Testing mailing list archives
Re: dcom on wyse WinCE systems
From: "James Fields" <jvfields () tds net>
Date: Thu, 9 Oct 2003 17:49:40 -0400
Sorry I can't answer the question directly. However as an anecdote, let me tell you we have deployed a bunch of Wyse terminals running XP Embedded for teleworkers. A bunch of them got hit with the following virus: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ .A&VSect=T This thing did some nasty things to their web browsers and also opened up IRC connections to a hacker-infested chat server. While investigating the security level of the Wyse teriminals after that, we found a lot of holes. A Nessus scan found a bunch of things, many of which at least crashed the terminals. They also come with VNC loaded on them with a default password of "wyse." Fun, huh? ----- Original Message ----- From: "cdowns" <cdowns () drippingdead com> To: <pen-test () securityfocus com> Sent: Tuesday, October 07, 2003 11:25 AM Subject: dcom on wyse WinCE systems
Does anyone know if this is remotely exploitable ? I have not seen any information on Wyse WinCE Winterms in the past.. Here is a reference link to the device setup im talking about. http://www.wyse.com/products/winterm/index.htm Thanks All. ~!>D -- - DrippingDead Films - downs () drippingdead com http://www.drippingdead.com Key fingerprint = 56ED 70FC AF9D 3D98 C908 90F9 D93E 0CA7 290E EE37 --------------------------------------------------------------------------
-
Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- dcom on wyse WinCE systems cdowns (Oct 07)
- Re: dcom on wyse WinCE systems James Fields (Oct 10)