Full Disclosure mailing list archives
Re: Re: CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface (fwd)
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Thu, 31 Jul 2003 19:04:29 -0700 (PDT)
According to VU#326746 this vulnerability is not the same as the vulnerability described in CA-2003-16 (MS03-026), but the exploit you mentioned apparently seems to address the same issue, however the exploit name and title is misleading. Yet if you look at the code then you can find, short port=135; unsigned char buf1[0x1000]; printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org\n"); printf("Code by FlashSky,Flashsky xfocus org,benjurry,benjurry xfocus org\n"); printf("Welcome to http://www.xfocus.net\n"); And then if you look at the advisory again, you'll find this where the DoS issue is mentioned: "Exploit code for this vulnerability has been publicly released and also targets TCP port 135. " So the Exploit is the one you mentioned Vulnerability Note for that issue is VU#326746 Advisory link from VU is http://www.xfocus.org/advisories/200307/4.html Workaround so far, is to filter the ports described in advisory itself. Regards -------- Muhammad Faisal Rauf Danka --- Stephen <alf1num3rik () yahoo com> wrote:
There appears to be a separate denial-of-service vulnerability in Microsoft's RPC interface that is also being targeted [...] Exploit code for this vulnerability has been publicly releasedthey are talking about this f**** exploit or another ??? http://www.k-otik.com/exploits/07.21.MS03-026.c.php does the MS03-026 patch correct this shit ? Regards. Stephen --- Muhammad Faisal Rauf Danka <mfrd () attitudex com> wrote:Regards -------- Muhammad Faisal Rauf Danka Date: Thu, 31 Jul 2003 16:59:41 -0400 From: CERT Advisory <cert-advisory () cert org> To: cert-advisory () cert org Subject: CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface Original issue date: July 31, 2003 Last revised: - Source: CERT/CC Appendix B. References * CERT/CC Vulnerability Note VU#561284 - http://www.kb.cert.org/vuls/id/561284 * CERT/CC Vulnerability Note VU#326746 - http://www.kb.cert.org/vuls/id/326746 * Microsoft Security Bulletin MS03-026 -http://microsoft.com/technet/security/bulletin/MS03-026.asp* Microsoft Knowledge Base article 823980 - http://support.microsoft.com?kbid=823980______________________________________________________________________Authors: Chad Dougherty and Kevin Houle______________________________________________________________________=== message truncated === __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface (fwd) Muhammad Faisal Rauf Danka (Jul 31)