AW: [Full-Disclosure] Windows RPC 4 ? [Exploit]
From: Thorsten Mayr (tmayr_at_kitcon.net)
Date: 11/10/03
To: <full-disclosure@lists.netsys.com> Date: Mon, 10 Nov 2003 22:12:24 +0100
afaik this sploit only bypasses stuff like OverflowGuard or StackDefender.
a patched system will not be vulnerable... Ran the manipulated code, never made it through.....
The code equals the first rpc/dcom split codes...
Spent some time with the code - as far as I can say it is no threat at all ;)
But if one knows better - I will be pleased to be taught better
Rgds
Thorsten
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Stephen
> Sent: Monday, 10 November 2003 21:31
> To: full-disclosure@lists.netsys.com
> Subject: Re: [Full-Disclosure] Windows RPC 4 ? [Exploit]
>
>
> yes here is the .exe file (attached)
>
> compiled from the k-otik's source
> http://www.k-otik.com/exploits/11.07.rpcexec.c.php
>
> and some offsets added by the author ...
>
>
>
> --- PhilZ wrote:
> > It's not a new RPC hole :-)
> >
> > It's an exploit for MS03-039.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html