Full Disclosure mailing list archives

Re: Re: DCOM RPC exploit (dcom.c)


From: "Jennifer Bradley" <jenbradley () webmail co za>
Date: Sun, 27 Jul 2003 18:40:09 +0200

I don't think you were reading the advisories properly... ;)

MSDE (Microsoft SQL Server Desktop Edition) was vulnerable, which many
products use, including Office, Visual Studio .NET, etc.  Just to
refresh your memory, here's a list of products that contain MSDE:

http://www.sqlsecurity.com/forum/applicationslistgridall.aspx

So, it is not a corner-case at all, not even in the slightest bit.
VPNs are common enough these days, so the chances of someone VPNing
into a network with an infected or infectable computer are actually
pretty high.

In the same vein, it looks like if a worm is released, it will most
probably be easily transferable into any corporate domain that has
VPNs as well, since every un-patched Windows is vulnerable.

jb

On Sun, 27 Jul 2003 00:41:22 -0700 (PDT) Nathan Seven
(scosol () yahoo com) wrote:

--- Paul Schmehl <pauls () utdallas edu> wrote:

Are you really serious?  Recall Slammer?  There were networks that were
locked down pretty tight.  Slammer couldn't get in, right?  Then one
developer who got his unpatched copy of SQL inside the network, by
logging in through VPN with his infected laptop, took the entire network
down.

Are *you* serious?

Running MSSQL server on my laptop that I also use to VPN in is IMO a
pretty fucking corner-case...

=====
--
live- http://www.thedenofsin.org/
to- AIM: IMFDUP
penetrate- http://eAnger.org/
_may the bitches set you free_
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


