Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DCOM RPC exploit (dcom.c)

From: Preston Newton <preston.newton () equipnetworks com>
Date: 30 Jul 2003 14:28:24 -0500
This tool is quite detectable on NT systems.  Ran it against one of our
NT farms and here is the info that showed up in the NT system log

Event ID: 10003
User: n/a
Source: DCOM
Type: Error

Access denied attempting to launch a DCOM Server using
DefaultLaunchPermission
The server is:
{0002DF01........}
The user is Unavailable/Unavailable, SID=Unavailable.

FYI......
Preston


On Tue, 2003-07-29 at 11:26, Robert Banniza wrote:

Just received this from ISS minutes ago...Another RPC vulnerability
scanning tool:

http://www.iss.net/support/product_utilities/ms03-026rpc.php

Couple things we have noticed....

1) OS identification is pretty much hit and miss
2) We have seen where XP SP1 unpatched doesn't show vulnerable (this
patch was previously installed and then un-installed.) However, machine
is confirmed vulnerable.

Anyone else know what the last column of the output means? i.e. '5.6' or
'0.0'?

Robert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: