NetSDK vulnerable to SQL Slammer

From: Schmehl, Paul L (pauls_at_UTDALLAS.EDU)
Date: 06/16/03

  • Next message: Ken Goods: "Follow up --- RE: New and unique IIS log entries."
    Date:         Mon, 16 Jun 2003 10:42:00 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Every week I scan our network with Foundstone's (may they rest in peace)
    :-) SQLScan. Recently I've been detecting vulnerable computers that
    have NetSDK installed. Since these detections are recent, I surmise
    that CS students are downloading and installing NetSDK so they can do
    development work in the .net architecture.

    Why Microsoft would make this software available **in a vulnerable
    form** is beyond me, but I thought the list should know. It's likely
    that at least some networks have this software installed and are
    therefore vulnerable to another Slammer infection. One possible
    scenario is: a CS student installs NetSDK, logs on to the Internet from
    an external network, get's infected with Slammer, brings his laptop to
    campus and infects the campus network.

    NetSDK Downloads:
    <http://msdn.microsoft.com/netframework/downloads/>

    NetSDK Slammer Patch:
    <http://msdn.microsoft.com/netframework/downloads/updates/sdkfix/faq.asp
    x>

    Foundstone's SQLScan:
    http://www.foundstone.com/
    Look in Home/Resources/Free Tools/Scanning Tools

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Free 14-day trial of New Threat & Vulnerability Notification Service

    TruSecure's new IntelliShield(tm) web-based threat and vulnerability
    service isn't your typical alert service. Supported by TruSecure's vast
    intelligence resources - including the ICSA Labs - IntelliShield's early
    warning, analysis, decision support, and threat management tools provide
    organizations with unmatched intelligence to better protect critical
    information assets. Experience it for yourself - just click below to begin
    your free, no obligation 14-day trial today!

    http://www.trusecure.com/offer/s0074/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Ken Goods: "Follow up --- RE: New and unique IIS log entries."