NetSDK vulnerable to SQL Slammer

From: Schmehl, Paul L (pauls_at_UTDALLAS.EDU)
Date: 06/16/03

  • Next message: Ken Goods: "Follow up --- RE: New and unique IIS log entries."
    Date:         Mon, 16 Jun 2003 10:42:00 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Every week I scan our network with Foundstone's (may they rest in peace)
    :-) SQLScan. Recently I've been detecting vulnerable computers that
    have NetSDK installed. Since these detections are recent, I surmise
    that CS students are downloading and installing NetSDK so they can do
    development work in the .net architecture.

    Why Microsoft would make this software available **in a vulnerable
    form** is beyond me, but I thought the list should know. It's likely
    that at least some networks have this software installed and are
    therefore vulnerable to another Slammer infection. One possible
    scenario is: a CS student installs NetSDK, logs on to the Internet from
    an external network, get's infected with Slammer, brings his laptop to
    campus and infects the campus network.

    NetSDK Downloads:
    <http://msdn.microsoft.com/netframework/downloads/>

    NetSDK Slammer Patch:
    <http://msdn.microsoft.com/netframework/downloads/updates/sdkfix/faq.asp
    x>

    Foundstone's SQLScan:
    http://www.foundstone.com/
    Look in Home/Resources/Free Tools/Scanning Tools

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Free 14-day trial of New Threat & Vulnerability Notification Service

    TruSecure's new IntelliShield(tm) web-based threat and vulnerability
    service isn't your typical alert service. Supported by TruSecure's vast
    intelligence resources - including the ICSA Labs - IntelliShield's early
    warning, analysis, decision support, and threat management tools provide
    organizations with unmatched intelligence to better protect critical
    information assets. Experience it for yourself - just click below to begin
    your free, no obligation 14-day trial today!

    http://www.trusecure.com/offer/s0074/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Ken Goods: "Follow up --- RE: New and unique IIS log entries."

    Relevant Pages

    • [NT] CitectSCADA ODBC Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... are distributed in over 80 countries through a network of more than 500 ... A vulnerability was found in CitectSCADA that could allow a remote ...
      (Securiteam)
    • Re: Biometrics
      ... within a network for internal safety reasons and potentially to act as ... source code that is flexible enough to offer external security, ... Chris's distinction between the Internet and "a network" (presumably ... You quote a specific vulnerability below, about DNS, and you then make ...
      (microsoft.public.security)
    • RE: Pentesting vs VA - was Pentesting tool - Commercial
      ... How safe is it to outsource network management to an MSP, ... use site-to-site tunnels, SSL and SNMP V2? ... both vulnerability assessment and penetration testing. ... buy it or download a solution FREE today! ...
      (Pen-Test)
    • RE: MS05-039 Scanner
      ... Retina is able to detect the patch as missing, as Shavlik ... and MBSA do, but we also are ... vulnerable systems on a Class B network because really who has ... they cant truly give you a view of vulnerability within your Class B ...
      (Pen-Test)
    • CERT Advisory CA-2002-12 Format String Vulnerability in ISC DHCPD
      ... The Internet Software Consortium provides a Dynamic Host ... have not seen active scanning or exploitation of this vulnerability. ... NSUPDATE allows the DHCP ... significant impact on your normal network operations. ...
      (Cert)