[33649] in bugtraq
Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure!
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Feb 12 10:55:43 2004
Message-Id: <200402111412.i1BEC9pB020803@turing-police.cc.vt.edu>
To: morning_wood <se_cur_ity@hotmail.com>
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com,
patchmanagement@listserv.patchmanagement.org, dotsecure@hushmail.com
In-Reply-To: Your message of "Tue, 10 Feb 2004 20:14:08 PST."
<Law11-OE65ZsJIDhvVv0003c24e@hotmail.com>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_497262106P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Wed, 11 Feb 2004 09:12:09 -0500
--==_Exmh_497262106P
Content-Type: text/plain; charset=us-ascii
On Tue, 10 Feb 2004 20:14:08 PST, morning_wood <se_cur_ity@hotmail.com> said:
> did you try exploit code to verify? that should dispel any ambiguity
> across scanner reports, it would be real easy to load your network
> hosts into a batch file or shell script and see how many "roots" you get.
Given the number of cases we see of somebody posting an actual PoC for
a vulnerability that *doesn't* *work* on some machines, I'd really hate
to bet my security on "Oh, the exploit we tried didn't work, we must be
safe".
Remember - if the exploit works, you have a problem. Failure of the
exploit to work does NOT mean you don't have a problem - somebody with
a different version that has a critical offset set to 4 more or less
may make swiss cheese of your network.
--==_Exmh_497262106P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAKjg5cC3lWbTT17ARAlkWAJ9jTRsNIphtZwQflgqPJwKVJCsdxgCg8vUm
+1pH47FxRJNqyAvz9ib3j0Y=
=dDsT
-----END PGP SIGNATURE-----
--==_Exmh_497262106P--
