Full Disclosure mailing list archives

RE: Re: Bad news on RPC DCOM vulnerability


From: "V.O." <vosipov () tpg com au>
Date: Sat, 11 Oct 2003 11:29:44 +1000

There is not much info there; the site basically says that somebody
("karlss0n") posted the exploit http://www.securitylab.ru/_exploits/rpc2.c.txt
to their BBS. The exploit does not use fixed jump addresses, which makes it work
with several versions of Windows.

Then somebody has tried it against a patched XP and it seems to be working. 
Currently this exploit can be used for a shell on an unpatched (ms03-039) XP
(they say you need to put a shellcode into file bshell2 and fix a couple of
offsets, the sample code is at http://www.securitylab.ru/_exploits/shell.asm.txt)

On a patched XP this sploit only produces a DoS.

The discussion is here:
http://forum.securitylab.ru/forum_posts.asp?TID=5642&PN=1&TPN=3 (more
informative; they talk about using SEH).

P.S.  I am not associated with anybody from this site/posting in; I am simply
translating the site for those who cannot read Russian, because online
translators are shite :)


Quoting Bobby Brown <bbrown () netsecadmin com>:

So I can "assume" no other information is posted, other than this site, to
corroborate that the RPC issue is not resolved, or should we all try to translate
this site using the helpful hints, which they are?


BB


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of petard
Sent: Friday, October 10, 2003 4:40 PM
To: Brown, Bobby (US - Hermitage)
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: Bad news on RPC DCOM vulnerability


On Fri, Oct 10, 2003 at 03:34:04PM -0400, Brown, Bobby (US - Hermitage)
wrote:
For us that cannot interpret the site, what more information can be
provided?

Bobby

FYI, the site is in Russian. Here are the steps for enlightening yourself:

1. Visit your favorite search engine.
2. Type the words "online translator russian" (without quotation marks) into
the query field.
3. Visit one of the many free or paid translating services that are listed
there.
4. Select your preferred language (English, I'd wager), enter the URL, and let
the translator go to work.
5. Read the slightly stilted but informative result.

FWIW, entering that query into google and clicking "I'm feeling lucky" gives
good results.

Good luck.

HTH,

petard


--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
