Full Disclosure mailing list archives
Re: DCOM RPC exploit (dcom.c)
From: Georgi Guninski <guninski () guninski com>
Date: Sun, 27 Jul 2003 15:04:16 +0300
Chris Paget wrote:
Personally, I'm tempted to set up my firewall to NAT incoming requests on port 135 to either www.metasploit.com or www.xfocus.org. I know this is the full-disclosure list, but working exploit code for an issue this huge is taking it a bit far, especially less than 2 weeks after the advisory comes out.
IMHO releasing the exploit is ethical and legal. The root of the problem is m$, they should take responsibility for the worms.IIRC the m$ EULA states something like "the product is not fit for any purpose". So the exploit is consistent with the m$ EULA, I can't understand why you whine. btw, Terry Pratchett has very good writings on IT EULA's and practices - check "Good Omens" and a disc world book mentioning a disorganizer.
georgi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Nathan Seven (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Neeko Oni (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Blue Boar (Jul 26)
- Re: DCOM RPC exploit (dcom.c) security snot (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Blue Boar (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Chris Paget (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
- Re: DCOM RPC exploit (dcom.c) w g (Jul 27)
- Re: DCOM RPC exploit w g (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Neeko Oni (Jul 27)