RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)

From: David Korn (dkorn@pixelpower.com)
Date: 04/26/02


From: David Korn <dkorn@pixelpower.com>
To: 'Menashe Eliezer' <menashe@finjan.com>, 3APA3A <3APA3A@SECURITY.NNOV.RU>
Date: Fri, 26 Apr 2002 09:33:00 +0100


>-----Original Message-----
>From: Menashe Eliezer [mailto:menashe@finjan.com]
>Sent: 25 April 2002 18:18
>To: 3APA3A
>Cc: Bugtraq; vuln-dev
>Subject: RE: Microsoft Baseline Security Analyzer exploit (Exposed
>vulnerabilities' list)
>
>
>The vulnerabilities' list is accessible even by unprivileged
>user account.

  Just as a side note, but it shows that it's not only the MBSA that
exposes this sort of damaging information: the vulns list can also be
remotely inferred if SNMP is enabled, since it is possible to enumerate
the list of installed service packs / hot fixes and thereby deduce any
omissions. Example from "snmputil walk <ip.addr> public .1.3.6.1.2.1.":

---snip---
Variable = .25.6.3.1.2.41
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q292435 for
more information]

Variable = .25.6.3.1.2.42
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q296074 for
more information]

Variable = .25.6.3.1.2.43
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q298009 for
more information]

Variable = .25.6.3.1.2.44
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q298012 for
more information]

Variable = .25.6.3.1.2.45
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q299553 for
more information]

Variable = .25.6.3.1.2.46
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q299687 for
more information]

Variable = .25.6.3.1.2.47
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q299796 for
more information]

Variable = .25.6.3.1.2.48
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q300477 for
more information]

Variable = .25.6.3.1.2.49
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q300972 for
more information]

Variable = .25.6.3.1.2.50
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q301077 for
more information]

Variable = .25.6.3.1.2.51
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q301625 for
more information]

Variable = .25.6.3.1.2.52
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q302755 for
more information]

Variable = .25.6.3.1.2.53
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q302827 for
more information]

Variable = .25.6.3.1.2.54
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q303984 for
more information]

Variable = .25.6.3.1.2.55
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q304135 for
more information]

---snip---

       DaveK

-- 
Burn your ID card!  http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!

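For auditing what your own SNMP agent discloses to a read community, the following added example (not part of the original message) parses walk output in the format quoted above and lists the hotfix articles it reveals, plus the gaps against a patch baseline. The sample walk, the baseline list and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format quoted in the message (values wrap across lines).
SAMPLE_WALK = """\
Variable = .1.5.0
Value = OCTET STRING - HOST01

Variable = .25.6.3.1.2.7
Value = OCTET STRING - Example Application

Variable = .25.6.3.1.2.41
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q292435 for
more information]

Variable = .25.6.3.1.2.42
Value = OCTET STRING - Windows 2000 Hotfix (Pre-SP3) [See Q296074 for
more information]
"""

# hrSWInstalledName rows, written relative to .1.3.6.1.2.1. as in the walk above.
ROW = re.compile(r"Variable\s*=\s*\.25\.6\.3\.1\.2\.(\d+)\s+Value\s*=\s*(.*)", re.S)

def parse_walk(text):
    """Return {row index: installed-software name} for hrSWInstalledName rows."""
    rows = {}
    # Records are separated by blank lines; a wrapped Value continues on the next line.
    for record in re.split(r"\n\s*\n", text.strip()):
        m = ROW.match(record)
        if not m:
            continue  # some other OID, e.g. the system group
        _type, _, value = m.group(2).partition(" - ")
        rows[int(m.group(1))] = " ".join(value.split())  # undo the line wrap
    return rows

def disclosed_hotfixes(rows):
    """Article ids (Qnnnnnn) that anyone holding the community string can read."""
    ids = set()
    for name in rows.values():
        if "hotfix" in name.lower():
            ids.update(re.findall(r"\bQ\d{6}\b", name))
    return sorted(ids)

def deducible_gaps(rows, baseline):
    """Baseline hotfixes absent from the walk: the omissions that can be deduced."""
    return sorted(set(baseline) - set(disclosed_hotfixes(rows)))

if __name__ == "__main__":
    rows = parse_walk(SAMPLE_WALK)
    baseline = ["Q292435", "Q296074", "Q000000"]  # Q000000 is a placeholder id
    print("disclosed:", disclosed_hotfixes(rows))
    print("missing vs baseline:", deducible_gaps(rows, baseline))
```

A non-empty result from `disclosed_hotfixes` for a walk taken with a default community string means the host's patch level is readable without authentication.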