Full Disclosure mailing list archives
Re: RE: Re: Bad news on RPC DCOM vulnerability
From: Paul Tinsley <pdt () jackhammer org>
Date: Sun, 12 Oct 2003 20:38:27 -0500
Just out of curiosity could you specify why you consider the other one "better code?" The only real differences between the two are that they both "fix" the 'cs+=buf;' line differently which is kind of silly to bother fixing in the first place, considering the function that line of code sits on isn't even called so it should be commented out or deleted to start with. The only other real difference is one decided to use an int main and one uses void main. Well that and the SecurityLab copy breaks part of main with the 'if(argc!=2){' check, as it is meant to have two different modes of operation, one target or a class B.
Mike Gordon wrote:
A compiled version is found at _http://www.SecurityLab.ru/_exploits/rpc3.zip_But it seems to only crash systems.Does any one have a clean complile of the "better code" from _http://www.cyberphreak.ch/sploitz/MS03-039.txt_
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Bad news on RPC DCOM2 vulnerability, (continued)
- Re: Bad news on RPC DCOM2 vulnerability Alex (Oct 11)
- AW: Bad news on RPC DCOM2 vulnerability Florian Keller (Oct 11)
- Re: Bad news on RPC DCOM2 vulnerability Valdis . Kletnieks (Oct 11)
- Re: Re: Bad news on RPC DCOM vulnerability Vladimir Parkhaev (Oct 10)
- Re: Re: Bad news on RPC DCOM vulnerability V.O. (Oct 10)
- Re: Re: Bad news on RPC DCOM vulnerability Irwan Hadi (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Matthew D. Lammers (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Dimitri Limanovski (Oct 10)
- RE: Bad news on RPC DCOM vulnerability VigilantMinds Security Operations Center (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
- Re: RE: Re: Bad news on RPC DCOM vulnerability Paul Tinsley (Oct 12)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
- Re: RE: Re: Bad news on RPC DCOM vulnerability Alex (Oct 12)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Brett Moore (Oct 14)
- Re: RE: Re: Bad news on RPC DCOM vulnerability Paul Tinsley (Oct 12)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
- Re: RE: Re: Bad news on RPC DCOM vulnerability webheadport80 (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Schmehl, Paul L (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Gordon, Mike (Oct 14)