Re: Windows DCOM exploit (was Re: What you don't want to hear from a peer)
HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of all HD code, works consistantly. g On Fri, 25 Jul 2003 15:56:57 -0400 "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net> wrote:
George-
Which exploit are you referring to? There are several floating around. Many of them are misrepresented as MS03-026 exploits. There was another vulnerability disclosed that only causes a DoS condition--no remote compromise.
Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D dsi@iss.net 404-236-3160
Internet Security Systems, Inc. The Power to Protect http://www.iss.net ===============================
-----Original Message----- From: George Bakos [mailto:gbakos@ists.dartmouth.edu] Sent: Friday, July 25, 2003 3:47 PM Cc: jtk@depaul.edu; nanog@merit.edu Subject: Windows DCOM exploit (was Re: What you don't want to hear from a peer)
On Fri, 25 Jul 2003 14:29:13 -0500 John Kristoff <jtk@depaul.edu> wrote:
Maybe it'll help start the weekend with a smile.
Smile for now; it probably won't last. The Windows DCOM exploit that was released today, works perfectly. BTW, how many residential networks (worm fodder) really need port 135/tcp open, anyway?
And I thought I would have time to split some cordwood today. Rats.
George Bakos Institute for Security Technology Studies - IRIA Dartmouth College gbakos@ists.dartmouth.edu 603.646.0665 -voice 603.646.0666 -fax
participants (1)
-
George Bakos