Full Disclosure mailing list archives
Re: DCOM RPC exploit (dcom.c)
From: Preston Newton <preston.newton () equipnetworks com>
Date: 30 Jul 2003 14:28:24 -0500
This tool is quite detectable on NT systems. Ran it against one of our NT farms and here is the info that showed up in the NT system log Event ID: 10003 User: n/a Source: DCOM Type: Error Access denied attempting to launch a DCOM Server using DefaultLaunchPermission The server is: {0002DF01........} The user is Unavailable/Unavailable, SID=Unavailable. FYI...... Preston On Tue, 2003-07-29 at 11:26, Robert Banniza wrote:
Just received this from ISS minutes ago...Another RPC vulnerability scanning tool: http://www.iss.net/support/product_utilities/ms03-026rpc.php Couple things we have noticed.... 1) OS identification is pretty much hit and miss 2) We have seen where XP SP1 unpatched doesn't show vulnerable (this patch was previously installed and then un-installed.) However, machine is confirmed vulnerable. Anyone else know what the last column of the output means? i.e. '5.6' or '0.0'? Robert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: DCOM RPC exploit (dcom.c), (continued)
- RE: DCOM RPC exploit (dcom.c) Marc Maiffret (Jul 28)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 28)
- RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 28)
- RE: DCOM RPC exploit (dcom.c) Admin GSecur (Jul 28)
- RE: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 28)
- RE: DCOM RPC exploit (dcom.c) Thiago Campos (Jul 28)
- RE: DCOM RPC exploit (dcom.c) John . Airey (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Robert Banniza (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Preston Newton (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Robert Banniza (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Kain (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Myers, Marvin (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Tom H (Jul 29)
- DCOM RPC - DEVESTATING IN SCOPE morning_wood (Jul 30)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)