[41638] in bugtraq
Re: [Full-disclosure] Re: [EEYEB-20050523] Windows Kernel APC
daemon@ATHENA.MIT.EDU (Tom Ferris)
Wed Dec 14 15:17:14 2005
Date: Tue, 13 Dec 2005 13:22:38 -0800 (PST)
From: Tom Ferris <tommy@security-protocols.com>
To: Dave Korn <davek_throwaway@hotmail.com>
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
In-Reply-To: <dnn99p$fbo$1@sea.gmane.org>
Message-ID: <Pine.LNX.4.63.0512131319460.3140@secpro.servermatrix.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Retina can do remote registry, and file version checks with the proper
credentials. So more than likely, its doing a registry check for the
hotfix.
Tom Ferris
Researcher
www.security-protocols.com
Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78
On Tue, 13 Dec 2005, Dave Korn wrote:
> Joshua Russel wrote in
> news:7a282fc30512131028g40d65517k2254283bfecec6db@mail.gmail.com
>> It is a local vulnerability, then how does Retina claims to scan it
>> remotely?
>
> Well, at a guess....
>
>> On 12/13/05, Advisories <Advisories@eeye.com> wrote:
>
>>> Systems Affected:
>>> Windows NT 4.0
>>> Windows 2000
>
>>> Beginning with Windows XP, KeFlushQueueApc contains a code fix that
>>> resolves this vulnerability.
>
> ... it just looks to see if the O/S is XP/2K3 or NT/2K.
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
