locator exploit

From: Dave Aitel (dave@IMMUNITYSEC.COM)
Date: 02/01/03

    Date:         Sat, 1 Feb 2003 01:57:06 -0500
    From: Dave Aitel <dave@IMMUNITYSEC.COM>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    So after writing the RPC locator exploit, I noticed that the service
    is not actually vulnerable until it has been initialized
    properly. Does anyone have any more information on how often and when
    this service is initialized (as opposed to simply started)?

    Here is tethereal output illustrating an uninitialized locator service:
    192.168.1.101 -> 192.168.1.100 DCERPC Bind: call_id: 5 UUID:
    e33c0cc4-0482-101a-bc0c-02608c6ba218 ver 1.0
    192.168.1.100 -> 192.168.1.101 DCERPC Bind_ack: call_id: 5 Provider
    rejection, reason: Abstract syntax not supported

    In my testing environment this is the state of the locator service until
    a local user binds to it to begin a lookup.

    Other than this, the RPC Locator Service exploit is available as a
    CANVAS module. (http://www.immunitysec.com/CANVAS/)

    -dave
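The bind/bind_ack exchange quoted above, as an added example that is not part of Dave's post or of the CANVAS module: the block below builds the DCERPC bind PDU for the Locator interface UUID shown in the tethereal output and parses a bind_ack into the result/reason pair that tethereal summarizes as "Provider rejection, reason: Abstract syntax not supported". It assumes the standard NDR transfer syntax (8a885d04-1ceb-11c9-9fe8-08002b104860 v2) and the PDU layouts from the DCE RPC specification; the two server replies are constructed samples, not captured traffic, and the SMB named-pipe transport the service is reached over is not implemented here, so the functions take and return raw PDU bytes.

```python
import struct
import uuid

# Interface UUID from the tethereal output above (RPC Locator, version 1.0).
LOCATOR_IF_UUID = uuid.UUID("e33c0cc4-0482-101a-bc0c-02608c6ba218")
LOCATOR_IF_VERSION = (1, 0)
# Standard NDR transfer syntax from the DCE RPC spec (assumed; not on the page).
NDR_SYNTAX_UUID = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
NDR_SYNTAX_VERSION = 2

PTYPE_BIND = 11
PTYPE_BIND_ACK = 12
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02
LE_DREP = b"\x10\x00\x00\x00"  # little-endian integers, ASCII, IEEE floats
HEADER_FMT = "<BBBB4sHHI"      # vers, vers_minor, ptype, flags, drep, frag_len, auth_len, call_id

# p_cont_def_result_t and p_provider_reason_t values from the DCE RPC spec.
RESULT_NAMES = {0: "acceptance", 1: "user_rejection", 2: "provider_rejection"}
REASON_NAMES = {
    0: "reason_not_specified",
    1: "abstract_syntax_not_supported",
    2: "proposed_transfer_syntaxes_not_supported",
    3: "local_limit_exceeded",
}


def build_bind(call_id, if_uuid=LOCATOR_IF_UUID, if_version=LOCATOR_IF_VERSION):
    """Client side: a bind PDU offering one presentation context (interface + NDR)."""
    ctx = struct.pack("<HBB", 0, 1, 0)                       # context id, n_transfer_syn, pad
    ctx += if_uuid.bytes_le + struct.pack("<HH", *if_version)  # abstract syntax
    ctx += NDR_SYNTAX_UUID.bytes_le + struct.pack("<I", NDR_SYNTAX_VERSION)
    body = struct.pack("<HHI", 5840, 5840, 0)                # max_xmit, max_recv, assoc_group
    body += struct.pack("<BBH", 1, 0, 0) + ctx               # p_cont_list_t with one element
    header = struct.pack(HEADER_FMT, 5, 0, PTYPE_BIND, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                         LE_DREP, 16 + len(body), 0, call_id)
    return header + body


def build_bind_ack(call_id, result, reason, sec_addr=b"\\PIPE\\locator\x00"):
    """Server side: constructs a bind_ack so sample replies can be fabricated offline."""
    body = struct.pack("<HHI", 5840, 5840, 0x1234)
    body += struct.pack("<H", len(sec_addr)) + sec_addr      # port_any_t secondary address
    body += b"\x00" * (-(16 + len(body)) % 4)                # align result list to 4 bytes
    body += struct.pack("<BBH", 1, 0, 0)                     # n_results, reserved, reserved2
    accepted = result == 0
    body += struct.pack("<HH", result, reason)
    body += (NDR_SYNTAX_UUID.bytes_le if accepted else b"\x00" * 16)
    body += struct.pack("<I", NDR_SYNTAX_VERSION if accepted else 0)
    header = struct.pack(HEADER_FMT, 5, 0, PTYPE_BIND_ACK, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                         LE_DREP, 16 + len(body), 0, call_id)
    return header + body


def parse_bind_ack(pdu):
    """Decode a bind_ack PDU: call_id, secondary address and per-context results."""
    if len(pdu) < 16:
        raise ValueError("truncated DCERPC header")
    _, _, ptype, _, _, frag_length, _, call_id = struct.unpack(HEADER_FMT, pdu[:16])
    if ptype != PTYPE_BIND_ACK:
        raise ValueError("not a bind_ack PDU (ptype %d)" % ptype)
    if frag_length > len(pdu):
        raise ValueError("frag_length exceeds data received")
    off = 24                                                  # skip max_xmit/max_recv/assoc_group
    (sec_addr_len,) = struct.unpack_from("<H", pdu, off)
    off += 2
    sec_addr = pdu[off:off + sec_addr_len].rstrip(b"\x00").decode("ascii", "replace")
    off = (off + sec_addr_len + 3) & ~3                       # pad to 4-byte boundary
    n_results = pdu[off]
    off += 4
    results = []
    for _ in range(n_results):
        result, reason = struct.unpack_from("<HH", pdu, off)
        syntax = uuid.UUID(bytes_le=pdu[off + 4:off + 20])
        (version,) = struct.unpack_from("<I", pdu, off + 20)
        results.append({"result": result, "reason": reason,
                        "transfer_syntax": syntax, "version": version})
        off += 24
    return {"call_id": call_id, "sec_addr": sec_addr, "results": results}


def classify(pdu):
    """Same verdict tethereal prints: 'acceptance' or '<result>, reason: <reason>'."""
    r = parse_bind_ack(pdu)["results"][0]
    if r["result"] == 0:
        return "acceptance"
    return "%s, reason: %s" % (RESULT_NAMES.get(r["result"], r["result"]),
                               REASON_NAMES.get(r["reason"], r["reason"]))


def locator_accepts_bind(pdu):
    """True when the server accepted the Locator context, i.e. the interface is registered."""
    return any(r["result"] == 0 for r in parse_bind_ack(pdu)["results"])


# Constructed sample replies: the rejection seen in the post, and an accepting reply.
SAMPLE_REJECT = build_bind_ack(5, result=2, reason=1)
SAMPLE_ACCEPT = build_bind_ack(5, result=0, reason=0)

if __name__ == "__main__":
    print("bind PDU: %d bytes" % len(build_bind(5)))
    for name, pdu in (("uninitialized", SAMPLE_REJECT), ("initialized", SAMPLE_ACCEPT)):
        print("%s locator: %s" % (name, classify(pdu)))
```

A bind_ack is a transport-level answer, so `locator_accepts_bind` distinguishes "interface not registered yet" (provider rejection) from "interface present" without sending any request on the interface itself; a reply that rejects the context is the state Dave describes before a local lookup initializes the service.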



