RE: [Full-Disclosure] DCOM RPC exploit (dcom.c)

fulldisclosure_at_catholic.org
Date: 07/27/03

  • Next message: KF: "Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
    To: <full-disclosure@lists.netsys.com>
    Date: Sun, 27 Jul 2003 15:43:54 -0000 (GMT)
    
    

    24 hours after sending the code to the list, I still beleive it was the
    right thing to do, being already published on the web (metasploit.com) and
    refered to in news article (news.com). From then, it was only a matter of
    hours until someone spill the beans to a mailling list, as I did.

    the 2 weeks "grace" period being too short makes no real difference in the
    outcome, microsoft products need to be constantly updated,and thats a
    fact. People hit by slammer last year had plenty of time (6 month) to
    patch their system, working exploit code was available from the begining
    thru cnhonker.com to exploit MS02-039 month before slammer speaded on the
    web, result ? most of MSSQL servers on the net were still vulnerable when
    the public exploit became so "mainstream" that someone wrote a worm for
    it.

    Code being availlable to exploit a vuln is only a matter of time, sometime
    days (latest cisco vuln) and sometime weeks (webdav)... but history has
    proven us that even with a 6 month "grace" period, many systems remain
    vulnerable.

    If it wasnt of that necessary evil that fulldisclosure is, we would still
    be running vulnerable version of sendmail with the WIZ command enable by
    defalut. (doh)

    Matt LaFlamme
    FD supporter

    Georgi Guninski wrote:

    > Chris Paget wrote:
    >
    >> Personally, I'm tempted to set up my firewall to NAT incoming requests
    on port
    >> 135 to either www.metasploit.com or www.xfocus.org. I know this is the
    >> full-disclosure list, but working exploit code for an issue this huge
    is taking
    >> it a bit far, especially less than 2 weeks after the advisory comes out.
    >>
    >
    > IMHO releasing the exploit is ethical and legal.
    > The root of the problem is m$, they should take responsibility for the
    worms.
    > IIRC the m$ EULA states something like "the product is not fit for any
    purpose". So the exploit is consistent with the m$ EULA, I can't
    understand why you whine.
    > btw, Terry Pratchett has very good writings on IT EULA's and practices -
    check "Good Omens" and a disc world book mentioning a disorganizer.
    >
    > georgi
    >
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    -----------------------------------------

    This email was sent using FREE Catholic Online Webmail.
    http://webmail.catholic.org/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: KF: "Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"