Re: [Full-Disclosure] MS RPC remote exploit.
From: Stephen (alf1num3rik_at_yahoo.com)
Date: 10/09/03
- Previous message: John Sage: "Re: [Full-Disclosure] Re: I have fixes for the Geeklog vulnerabilities"
- In reply to: Sudharsha Wijesinghe: "[Full-Disclosure] MS RPC remote exploit."
- Next in thread: Curt Purdy: "RE: [inbox] Re: [Full-Disclosure] MS RPC remote exploit."
- Reply: Curt Purdy: "RE: [inbox] Re: [Full-Disclosure] MS RPC remote exploit."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Thu, 9 Oct 2003 06:45:23 -0700 (PDT)
--- Sudharsha Wijesinghe <sudharsha@digitalhouse.lk>
wrote:
> According to MS there cant be any Remote exploit on
> MS RPC except for a
> DOS attack using 139/135/445.
> How ever the code is available for a shell code.
> has any one tried this exploit?
no remote exploit ?
http://www.k-otik.com/exploits/10.09.rpc2universal.c.php
http://www.k-otik.com/exploits/09.20.rpcdcom2ver1.1.c.php
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009848.html
in MS03-039 we can see :
...There are three newly identified vulnerabilities in
the part of RPCSS ...two that could allow arbitrary
code execution and one that could result in a denial
of service"
Regards.
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: John Sage: "Re: [Full-Disclosure] Re: I have fixes for the Geeklog vulnerabilities"
- In reply to: Sudharsha Wijesinghe: "[Full-Disclosure] MS RPC remote exploit."
- Next in thread: Curt Purdy: "RE: [inbox] Re: [Full-Disclosure] MS RPC remote exploit."
- Reply: Curt Purdy: "RE: [inbox] Re: [Full-Disclosure] MS RPC remote exploit."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
