Re: Re: CERT Advisory CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface (fwd)

[Muhammad Faisal Rauf Danka <mfrd () attitudex com>]

According to VU#326746 this vulnerability is not the same as the vulnerability described in CA-2003-16 (MS03-026), but 
the exploit you mentioned apparently seems to address the same issue, however the exploit name and title is misleading.

Yet if you look at the code then you can find,

short port=135;
 unsigned char buf1[0x1000];
 printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org\n");
 printf("Code by FlashSky,Flashsky xfocus org,benjurry,benjurry xfocus org\n");
 printf("Welcome to http://www.xfocus.net\n";);
 
And then if you look at the advisory again, you'll find this where the DoS issue is mentioned:

"Exploit code for this vulnerability has been publicly released and also targets TCP port 135. "

So the Exploit is the one you mentioned
Vulnerability Note for that issue is VU#326746 
Advisory link from VU is http://www.xfocus.org/advisories/200307/4.html
Workaround so far, is to filter the ports described in advisory itself.



Regards
--------
Muhammad Faisal Rauf Danka


--- Stephen <alf1num3rik () yahoo com> wrote:
> > There  appears  to  be  a  separate
> > denial-of-service vulnerability in
> > Microsoft's  RPC  interface  that  is  also 
> > being  targeted [...] 
> > Exploit  code  for  this  vulnerability has been
> > publicly released
>
> they are talking about this f**** exploit or another
> ???
>
> http://www.k-otik.com/exploits/07.21.MS03-026.c.php
>
> does the MS03-026 patch correct this shit ?
>
> Regards. Stephen
>
>
>
> --- Muhammad Faisal Rauf Danka <mfrd () attitudex com>
> wrote:
> > Regards
> > --------
> > Muhammad Faisal Rauf Danka
> > Date: Thu, 31 Jul 2003 16:59:41 -0400
> > From: CERT Advisory <cert-advisory () cert org>
> > To: cert-advisory () cert org
> > Subject: CERT Advisory CA-2003-19 Exploitation of
> > Vulnerabilities in Microsoft RPC Interface 
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > CERT Advisory CA-2003-19 Exploitation of
> > Vulnerabilities in Microsoft RPC
> > Interface
> >
> >    Original issue date: July 31, 2003
> >    Last revised: -
> >    Source: CERT/CC
> >
> >
> > Appendix B. References
> >
> >      * CERT/CC Vulnerability Note VU#561284 -
> >        http://www.kb.cert.org/vuls/id/561284
> >      * CERT/CC Vulnerability Note VU#326746 -
> >        http://www.kb.cert.org/vuls/id/326746
> >      * Microsoft Security Bulletin MS03-026 -
> >       
> http://microsoft.com/technet/security/bulletin/MS03-026.asp
> >      * Microsoft      Knowledge      Base     
> > article      823980      -
> >        http://support.microsoft.com?kbid=823980
> >   
> ______________________________________________________________________
> >    Authors: Chad Dougherty and Kevin Houle
> >   
> ______________________________________________________________________
> >
> === message truncated ===
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html