Full Disclosure mailing list archives

RE: DCOM RPC exploit (dcom.c)


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 29 Jul 2003 14:55:30 -0500

-----Original Message-----
From: Robert Banniza [mailto:robert () rootprompt net] 
Sent: Tuesday, July 29, 2003 11:26 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] DCOM RPC exploit (dcom.c)


Just received this from ISS minutes ago...Another RPC 
vulnerability scanning tool:

http://www.iss.net/support/product_utilities/ms03-026rpc.php

Couple things we have noticed....

1) OS identification is pretty much hit and miss
2) We have seen where XP SP1 unpatched doesn't show vulnerable 
(this patch was previously installed and then un-installed.) 
However, machine is confirmed vulnerable.

I did a simple comparison of the two tools on one VLAN.  They both found
the same hosts and they both agreed on which were patched and which were
not patched.

Anyone else know what the last column of the output means? 
i.e. '5.6' or '0.0'?

I didn't see anything on their site explaining what those numbers mean
and both patched and vulnerable machines produced both numbers, so I
have no idea what they mean.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

