Nmap Development mailing list archives

Re: [NSE] Check for MS06-025 vulnerability in Microsoft RRAS service


From: Richard Miles <richard.k.miles () googlemail com>
Date: Mon, 31 May 2010 13:52:31 +0000

2010/5/31 Dražen Popović <drazen.popovic () fer hr>:
> On Mon, 2010-05-31 at 00:49 +0000, Richard Miles wrote:
>> Interesting. But for the others that required a credential, does this
>> credential need to be an administrative credential? Or can it be a
>> normal user?
> This service is used for managing the network configuration, so admin
> privs are required. I must try it to be sure... I'll get back to you.

I'm not saying it's useless, I just want to understand. If you see
this service, you are probably on a LAN, so what is the goal of exploiting an
overflow that needs an admin priv if you can just use this priv to log
on to the machine? I'm not blaming, I just want to understand.

>> Nice. This vulnerability is newer than MS08-067?
>
> Well, depends... if you're considering the MS designation this vuln is
> newer. But the origin of this vuln dates back to 2003 I think.

I mean, which patch by Microsoft is newer, because if the newer one is
patched it is probable that the older will be too, right?


> Regards,
> Dražen.
> --
> Laboratory for Systems and Signals
> Department of Electronic Systems and Information Processing
> Faculty of Electrical Engineering and Computing
> University of Zagreb

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
