[59926] in North American Network Operators' Group
Re: Windows DCOM exploit (was Re: What you don't want to hear from
daemon@ATHENA.MIT.EDU (George Bakos)
Fri Jul 25 16:03:49 2003
Date: Fri, 25 Jul 2003 16:01:16 -0400
From: George Bakos <gbakos@ists.dartmouth.edu>
To: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>
Cc: <jtk@depaul.edu>, <nanog@merit.edu>
In-Reply-To: <226A79C4618AD945B527EA7F475EA2C6320F45@atlmaiexcp01.iss.local>
Errors-To: owner-nanog-outgoing@merit.edu
HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of all HD code, it works consistently.
g
On Fri, 25 Jul 2003 15:56:57 -0400
"Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net> wrote:
> George-
>
> Which exploit are you referring to? There are several floating around.
> Many of them are misrepresented as MS03-026 exploits. There was another
> vulnerability disclosed that only causes a DoS condition--no remote
> compromise.
>
> Regards,
> ===============================
> Daniel Ingevaldson
> Engineering Manager, X-Force R&D
> dsi@iss.net
> 404-236-3160
>
> Internet Security Systems, Inc.
> The Power to Protect
> http://www.iss.net
> ===============================
>
>
> -----Original Message-----
> From: George Bakos [mailto:gbakos@ists.dartmouth.edu]
> Sent: Friday, July 25, 2003 3:47 PM
> Cc: jtk@depaul.edu; nanog@merit.edu
> Subject: Windows DCOM exploit (was Re: What you don't want to hear from
> a peer)
>
>
>
> On Fri, 25 Jul 2003 14:29:13 -0500
> John Kristoff <jtk@depaul.edu> wrote:
>
> > Maybe it'll help start the weekend with a smile.
>
> Smile for now; it probably won't last. The Windows DCOM exploit that was
> released today works perfectly. BTW, how many residential networks (worm
> fodder) really need port 135/tcp open, anyway?
>
> And I thought I would have time to split some cordwood today. Rats.
>
George Bakos
Institute for Security Technology Studies - IRIA
Dartmouth College
gbakos@ists.dartmouth.edu
603.646.0665 -voice
603.646.0666 -fax