Full Disclosure mailing list archives
RE: DCOM Exploit MS03-026 attack vectors
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 02 Aug 2003 21:50:19 +1200
"Bassett, Mark" <mbassett () omaha com> to me:
Well, it is the most widely supported default interface that is vulnerable. It would be a very unusual machine that is vulnerable on some other port and _NOT_ on 135, so what is the payoff for writing an exploit (at least a "prrof of concept") that tries other ports?Because 9 times out of 10 port 135 is blocked by some sort of firewall, whilst port 80 is not blocked on a web server.
Yes, and about 999,999 times out of a million the target machines won't have ncacn_http enabled and thus it is moot whether they also have the equally rare COM Internet Services enabled. My (rhetorical) question was what is the payoff for trying those other oddball ports. The point was that the services that have to enabled for this to be exploited over port 80 are so rare as to probably be considered severely endangered, if not extinct. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: DCOM Exploit MS03-026 attack vectors, (continued)
- RE: DCOM Exploit MS03-026 attack vectors Brad Bemis (Jul 31)
- RE: DCOM Exploit MS03-026 attack vectors Paul Tinsley (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Jasper Blackwell (Jul 31)
- Re: RE: DCOM Exploit MS03-026 attack vectors Richard Spiers (Aug 01)
- Re: RE: DCOM Exploit MS03-026 attack vectors Geoincidents (Aug 02)
- Re: RE: DCOM Exploit MS03-026 attack vectors Richard Spiers (Aug 01)
- RE: RE: DCOM Exploit MS03-026 attack vectors Parker, Jeff (MSE) (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Bassett, Mark (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Bryan K. Watson (Aug 01)
- Re: DCOM Exploit MS03-026 attack vectors Jeremiah Cornelius (Aug 01)
- Re: DCOM Exploit MS03-026 attack vectors Ron DuFresne (Aug 02)
- RE: DCOM Exploit MS03-026 attack vectors Bryan K. Watson (Aug 01)
- RE: DCOM Exploit MS03-026 attack vectors Nick FitzGerald (Aug 02)
- RE: DCOM Exploit MS03-026 attack vectors Brad Bemis (Jul 31)