Re: NetSDK vulnerable to SQL Slammer

knapier_at_CONNECTURE.NET
Date: 06/17/03

  • Next message: Kenneth R. van Wyk: "Open response to draft OIS proposal for handling vulnerabilities" 
    Date:         Mon, 16 Jun 2003 18:14:19 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Critical Update to MSDE 2000 for Microsoft .NET Framework SDK Users
    http://www.microsoft.com/downloads/details.aspx?FamilyID=1c4195ce-4007-476a-
    aa71-f9782dfd0818&DisplayLang=en

    -- or --
    MSDE 2000 for Developers Using Visual Studio .NET
    http://www.microsoft.com/downloads/details.aspx?FamilyID=a0dac778-60a6-4b11-
    8aa8-bf12261a303a&DisplayLang=en

    Both address the issue.

    -----Original Message-----
    From: Schmehl, Paul L [mailto:pauls@UTDALLAS.EDU]
    Sent: Monday, June 16, 2003 11:42 AM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: NetSDK vulnerable to SQL Slammer

    Every week I scan our network with Foundstone's (may they rest in peace)
    :-) SQLScan. Recently I've been detecting vulnerable computers that
    have NetSDK installed. Since these detections are recent, I surmise
    that CS students are downloading and installing NetSDK so they can do
    development work in the .net architecture.

    Why Microsoft would make this software available **in a vulnerable
    form** is beyond me, but I thought the list should know. It's likely
    that at least some networks have this software installed and are
    therefore vulnerable to another Slammer infection. One possible
    scenario is: a CS student installs NetSDK, logs on to the Internet from
    an external network, get's infected with Slammer, brings his laptop to
    campus and infects the campus network.

    NetSDK Downloads:
    <http://msdn.microsoft.com/netframework/downloads/>

    NetSDK Slammer Patch:
    <http://msdn.microsoft.com/netframework/downloads/updates/sdkfix/faq.asp
    x>

    Foundstone's SQLScan:
    http://www.foundstone.com/
    Look in Home/Resources/Free Tools/Scanning Tools

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Free 14-day trial of New Threat & Vulnerability Notification Service

    TruSecure's new IntelliShield(tm) web-based threat and vulnerability
    service isn't your typical alert service. Supported by TruSecure's vast
    intelligence resources - including the ICSA Labs - IntelliShield's early
    warning, analysis, decision support, and threat management tools provide
    organizations with unmatched intelligence to better protect critical
    information assets. Experience it for yourself - just click below to begin
    your free, no obligation 14-day trial today!

    http://www.trusecure.com/offer/s0074/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Free 14-day trial of New Threat & Vulnerability Notification Service

    TruSecure's new IntelliShield(tm) web-based threat and vulnerability
    service isn't your typical alert service. Supported by TruSecure's vast
    intelligence resources - including the ICSA Labs - IntelliShield's early
    warning, analysis, decision support, and threat management tools provide
    organizations with unmatched intelligence to better protect critical
    information assets. Experience it for yourself - just click below to begin
    your free, no obligation 14-day trial today!

    http://www.trusecure.com/offer/s0074/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Kenneth R. van Wyk: "Open response to draft OIS proposal for handling vulnerabilities"

    Relevant Pages

    • Re: NetSDK vulnerable to SQL Slammer
      ... Engine (MSDE). ... NetSDK vulnerable to SQL Slammer ... Free 14-day trial of New Threat & Vulnerability Notification Service ...
      (NT-Bugtraq)
    • Re: NetSDK vulnerable to SQL Slammer
      ... Which version of Visual Studio 2003 are you referring to? ... Free 14-day trial of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ...
      (NT-Bugtraq)
    • Re: Administrivia: Response to OIS Draft on "Security Vulnerability and Response Process"
      ... Subject: Administrivia: Response to OIS Draft on "Security Vulnerability ... Free 14-day trial of New Threat & Vulnerability Notification Service ... intelligence resources - including the ICSA Labs - IntelliShield's early ...
      (NT-Bugtraq)
    • NetSDK vulnerable to SQL Slammer
      ... Every week I scan our network with Foundstone's ... have NetSDK installed. ... that CS students are downloading and installing NetSDK so they can do ... Free 14-day trial of New Threat & Vulnerability Notification Service ...
      (NT-Bugtraq)
    • Re: [Full-disclosure] "responsible disclosure" explanation (an example of the fallacy of i
      ... Let me just define "responsible disclosure" first of all, ... vulnerabilities pose any threat to human life. ... security measures of an airline, that allows me access to passenger ... In this scenario, much as a software vulnerability, two factors are ...
      (Full-Disclosure)