Re: SV: [Full-Disclosure] The French BUGTRAQ

From: Cesar (cesarc56_at_yahoo.com)
Date: 07/25/03

  • Next message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2003:066-2 - Updated kernel packages fix multiple vulnerabilities"
    To: full-disclosure@lists.netsys.com
    Date: Fri, 25 Jul 2003 09:16:42 -0700 (PDT)
    
    

    Here is what it looks like The Analysis of LSD's
    Buffer Overrun in Windows RPC Interface

    http://www.xfocus.org/documents/200307/2.html

    Cesar.
    --- Peter Kruse <kruse@krusesecurity.dk> wrote:
    > Hi,
    >
    > From the code:
    > RPC DCOM overflow Vulnerability discoveried by LSD
    > Code by FlashSky,Flashsky xfocus
    > org,benjurry,benjurry xfocus org
    >
    > It sure looks like it ... Better patch up.
    >
    > Med venlig hilsen // Kind regards
    >
    > Peter Kruse
    > Kruse Security
    > http://www.krusesecurity.dk
    >
    > -----Oprindelig meddelelse-----
    > Fra: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] På
    > vegne af D C
    > Sendt: 25. juli 2003 15:31
    > Til: full-disclosure@lists.netsys.com
    > Emne: Re: [Full-Disclosure] The French BUGTRAQ
    >
    >
    >
    > I noticed there is a an exploit in the archive at
    > http://www.K-otiK.com
    > titled "MS Windows RPC DCOM Interface Buffer
    > Overflow Exploit" (the file
    > itself is 07.21.MS03-026.c). I have not had a
    > chance to review the code
    > closely, yet... is this an exploit based on the
    > Windows RPC advisory
    > released by The Last Stage of Delirium recently?
    >
    >
    >
    >
    > Do you Yahoo!?
    > The New Yahoo! Search - Faster. Easier. Bingo.
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:
    http://lists.netsys.com/full-disclosure-charter.html

    __________________________________
    Do you Yahoo!?
    Yahoo! SiteBuilder - Free, easy-to-use web site design software
    http://sitebuilder.yahoo.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2003:066-2 - Updated kernel packages fix multiple vulnerabilities"