Full Disclosure mailing list archives
Re: Possibly a stupid question RPC over HTTP
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Wed, 13 Oct 2004 15:42:07 -0400
Daniel H. Renner wrote:
> Daniel, Could you please point out where you read this data? I would like to see this one...
I seem to remember that this was one of the caveats with regard to MSBlast and RPC/DCOM vulnerabilities last year.
In certain configurations, it was theoretically possible (I'd never personally seen any PoC code or worms that exploited it, though) that some RPC calls could be made via RPC over HTML. According to the security bulletin for MS03-026, the service that provides RPC over HTML is COM Internet Services (CIS). From what I recall, it was discussed at the time as a potential infection vector, though CIS is not installed by default on IIS installs. There were, at the time, very few sites that utilized it. Feel free to correct me if I'm wrong, though.
Please see the MS03-026 bulletin for some more points:
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Go down to the "Frequently asked Questions" section, expand it, and look at the section that discusses CIS for more information. I'm sure that this will give you enough information to do some more searching for further information on current versions of CIS and determining whether they're installed.
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Possibly a stupid question RPC over HTTP Daniel Sichel (Oct 12)
- Re: Possibly a stupid question RPC over HTTP ASB (Oct 13)
- Re: Possibly a stupid question RPC over HTTP S G Masood (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Kevin (Oct 14)
- Re: Possibly a stupid question RPC over HTTP S G Masood (Oct 14)
- Re: Possibly a stupid question RPC over HTTP S G Masood (Oct 13)
- <Possible follow-ups>
- Re: Possibly a stupid question RPC over HTTP Daniel H. Renner (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Cory Whitesell (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Sean Milheim (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Barry Fitzgerald (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Shannon Johnston (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Byron L. Sonne (Oct 14)
- Re: Possibly a stupid question RPC over HTTP Maxime Ducharme (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Rodrigo Barbosa (Oct 13)
- RE: Possibly a stupid question RPC over HTTP winter (Oct 14)
- Re: Possibly a stupid question RPC over HTTP Ron DuFresne (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Cory Whitesell (Oct 13)
- Re: Possibly a stupid question RPC over HTTP Matthew Farrenkopf (Oct 13)
- RE: Possibly a stupid question RPC over HTTP Todd Towles (Oct 13)
- Re: Possibly a stupid question RPC over HTTP S G Masood (Oct 14)
- Re: Possibly a stupid question RPC over HTTP Roberto Gomez Bolaños (Oct 14)