Re: NetSDK vulnerable to SQL Slammer

knapier_at_CONNECTURE.NET
Date: 06/17/03

    Date:         Mon, 16 Jun 2003 18:14:19 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Critical Update to MSDE 2000 for Microsoft .NET Framework SDK Users
    http://www.microsoft.com/downloads/details.aspx?FamilyID=1c4195ce-4007-476a-aa71-f9782dfd0818&DisplayLang=en

    -- or --
    MSDE 2000 for Developers Using Visual Studio .NET
    http://www.microsoft.com/downloads/details.aspx?FamilyID=a0dac778-60a6-4b11-8aa8-bf12261a303a&DisplayLang=en

    Both address the issue.

    -----Original Message-----
    From: Schmehl, Paul L [mailto:pauls@UTDALLAS.EDU]
    Sent: Monday, June 16, 2003 11:42 AM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: NetSDK vulnerable to SQL Slammer

    Every week I scan our network with Foundstone's (may they rest in peace)
    :-) SQLScan. Recently I've been detecting vulnerable computers that
    have NetSDK installed. Since these detections are recent, I surmise
    that CS students are downloading and installing NetSDK so they can do
    development work in the .net architecture.

    Why Microsoft would make this software available **in a vulnerable
    form** is beyond me, but I thought the list should know. It's likely
    that at least some networks have this software installed and are
    therefore vulnerable to another Slammer infection. One possible
    scenario is: a CS student installs NetSDK, logs on to the Internet from
    an external network, gets infected with Slammer, brings his laptop to
    campus and infects the campus network.

    NetSDK Downloads:
    <http://msdn.microsoft.com/netframework/downloads/>

    NetSDK Slammer Patch:
    <http://msdn.microsoft.com/netframework/downloads/updates/sdkfix/faq.aspx>

    Foundstone's SQLScan:
    http://www.foundstone.com/
    Look in Home/Resources/Free Tools/Scanning Tools

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Free 14-day trial of New Threat & Vulnerability Notification Service

    TruSecure's new IntelliShield(tm) web-based threat and vulnerability
    service isn't your typical alert service. Supported by TruSecure's vast
    intelligence resources - including the ICSA Labs - IntelliShield's early
    warning, analysis, decision support, and threat management tools provide
    organizations with unmatched intelligence to better protect critical
    information assets. Experience it for yourself - just click below to begin
    your free, no obligation 14-day trial today!

    http://www.trusecure.com/offer/s0074/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

