Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: dcom on wyse WinCE systems

From: "James Fields" <jvfields () tds net>
Date: Thu, 9 Oct 2003 17:49:40 -0400
Sorry I can't answer the question directly.  However as an anecdote, let me
tell you we have deployed a bunch of Wyse terminals running XP Embedded for
teleworkers.  A bunch of them got hit with the following virus:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_WOMANIZ
.A&VSect=T

This thing did some nasty things to their web browsers and also opened up
IRC connections to a hacker-infested chat server.  While investigating the
security level of the Wyse teriminals after that, we found a lot of holes.
A Nessus scan found a bunch of things, many of which at least crashed the
terminals.  They also come with VNC loaded on them with a default password
of "wyse."  Fun, huh?

----- Original Message -----
From: "cdowns" <cdowns () drippingdead com>
To: <pen-test () securityfocus com>
Sent: Tuesday, October 07, 2003 11:25 AM
Subject: dcom on wyse WinCE systems



Does anyone know if this is remotely exploitable ? I have not seen any
information on Wyse WinCE Winterms in the past.. Here is a reference
link to the device setup im talking about.

http://www.wyse.com/products/winterm/index.htm

Thanks All.

~!>D


--
  - DrippingDead Films -
  downs () drippingdead com
  http://www.drippingdead.com
  Key fingerprint = 56ED 70FC AF9D 3D98 C908  90F9 D93E 0CA7 290E EE37


--------------------------------------------------------------------------

-

Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
--------------------------------------------------------------------------

--






---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: