Re: Bad news on RPC DCOM vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Bad news on RPC DCOM vulnerability
From: K-OTiK Security <Special-Alerts@xxxxxxxxxx>
Date: 10 Oct 2003 21:51:22 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <1155962754.20031010184852@xxxxxxxxxxxxxxxx>


as confirmed by 3APA3A and security labs, it seems that the public exploit 
*works* even if the patch MS03-039 is *installed*

This is a highly critical vulnerability - users MUST block vulnerable ports !

Regards.

K-OTik Staff /\\/ http://wwww.k-otik.com



>From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
>
>Dear bugtraq@xxxxxxxxxxxxxxxxx,
>
>There are few bad news on RPC DCOM vulnerability:
>
>1.  Universal  exploit  for  MS03-039  exists in-the-wild, PINK FLOYD is
>again actual.
>2.  It  was  reported  by exploit author (and confirmed), Windows XP SP1
>with  all  security  fixes  installed still vulnerable to variant of the
>same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
>exists,  but  code execution is probably possible. Technical details are
>sent to Microsoft, waiting for confirmation.
>
>Dear  ISPs.  Please  instruct  you customers to use personal fireWALL in
>Windows XP.

Prev by Date: Gallery 1.4 including file vulnerability
Next by Date: SA-20031006 slocate buffer overflow - exploitation proof
Previous by thread: RE: Bad news on RPC DCOM vulnerability
Next by thread: Re: Bad news on RPC DCOM vulnerability
Index(es):
- Date
- Thread