Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE : [inbox] Re: MS03-039 has been released (DoS) sploit ?

From: Réda Zitouni <Reda.Zitouni () vigilante com>
Date: Thu, 11 Sep 2003 05:15:31 +0200
Seems guys you are mistaking. Here is the NSfocus advisory. In fact they
found (as the M$ advisory is not clear on the subject) the 2nd
BoF(CAN-2003-0528
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0528> )  and
not the DoS. The one you are talking of is an old (few weeks)
vulnerability related to MS03-026 found by Ben Jurry.
 
http://www.nsfocus.com/english/homepage/research/0306.htm
 

Reda Zitouni

Security Engineer

VIGILANTe - France

http://www.VIGILANTe.com <outbind://157/BLOCKED> 

 



  _____  

De : Exibar [mailto:exibar () thelair com] 
Envoyé : jeudi 11 septembre 2003 01:58
À : Elv1S; full-disclosure () lists netsys com


Sure looks that way, especially with the 7/21 datestamp for the
directory and in the page name :-)
 
  It's *very* unlikely that we see a worm that acts on the DoS vuln,
it's just too much work.  The BoF's are the ones that has my attention
and need to patch urgently.
 
  Exibar

        -----Original Message-----
        From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Elv1S
        Sent: Wednesday, September 10, 2003 6:49 PM
        To: full-disclosure () lists netsys com
        Subject: [inbox] [Full-disclosure] Re: MS03-039 has been
released (DoS) sploit ?
        
        
        thinkin' that they talking about the xfocus sploit public since
07-21 ? for the DoS vuln MS03-032
         
        true or not ?
         
        http://www.k-otik.com/exploits/07.21.win2kdos.c.php


        Mike Tancsa <mike () sentex net> wrote:


                http://xforce.iss.net/xforce/alerts/id/152 says,
                
                "The new DoS vulnerability was disclosed by a hacking
group in China on
                July 25, 2003, and functional exploit code is already in
use on the
                Internet. "
                
                ---Mike
                
                
                At 01:41 PM 10/09/2003, Exibar wrote:
                >anyone know of a 'sploit for this one yet? Or even
proof of concept code?
                >
                >
                >----- Original Message -----
                >From: "Ryan, Pete" 
                >To: 
                >Sent: Wednesday, September 10, 2003 12:23 PM
                >Subject: [Full-disclosure] MS03-039 has been released -
critical
                >
                >
                > >
                > >
        

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu

rity/
                > > bulletin/MS03-039.asp
                > >
                > > -Pete
                > >
                > > _______________________________________________
                > > Full-Disclosure - We believe in it.
                > > Charter:
http://lists.netsys.com/full-disclosure-charter.html
                >
                >_______________________________________________
                >Full-Disclosure - We believe in it.
                >Charter:
http://lists.netsys.com/full-disclosure-charter.html
                
                _______________________________________________
                Full-Disclosure - We believe in it.
                Charter:
http://lists.netsys.com/full-disclosure-charter.html

        
  _____  

        Do you Yahoo!?
        Yahoo! SiteBuilder
<http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com>  -
Free, easy-to-use web site design software
Previous By Date Next
Previous By Thread Next

Current thread: