RE: [LSD] Critical security vulnerability in Microsoft Operating Systems

From: Russ (Russ.Cooper_at_rc.on.ca)
Date: 07/19/03

    Date: Fri, 18 Jul 2003 18:35:23 -0400
    To: "Todd Sabin" <tsabin@razor.bindview.com>, "Last Stage of Delirium" <contact@lsd-pl.net>, <bugtraq@securityfocus.com>
    
    

    ----
    o ncacn_http   : if active, listening on TCP port 593.
    Finally, if ncacn_http is active, and COM Internet Services is
    installed and enabled, which is NOT the default in any configuration
    I'm aware of, then you can also talk to the endpoint mapper over port
    80.  Just to be clear, I think this is a very uncommon scenario, but
    the possibility does exist.
    ----
    Microsoft list RPC over HTTP as a mitigator. I checked with them and they've confirmed that it isn't vulnerable. Therefore fear of attacks via TCP 80, or against COM+, are IMO unfounded.
    Further, what's the likelihood that a machine will have TCP139 or 445 open and not have TCP135 open too? While it's certainly realistic to state attacks could come via named pipes, I personally think it's unlikely. Given all of the activity we have on those ports already, none of it using named pipes, I'd think we'd have seen something else use them before now.
    Cheers,
    Russ - NTBugtraq Editor
    
