Mark, You have a link for those?
Darrell ------------------------------------------------------------------------ Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. ----- Original Message ----- From: "Mark Reimer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 13, 2007 1:29 PM Subject: RE: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution While we are on the topic of vulnerabilities I just saw 2 new vulnerabilities found in clamav. Mark Reimer IT System Admin American CareSource 972-308-6887 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer Sent: Friday, April 13, 2007 12:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution You could do Microsoft's registry workaround if you are not using the remote management. Mark Reimer IT System Admin American CareSource 972-308-6887 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, April 13, 2007 10:58 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution > However, for ISP's that use MS DNS servers and do remote management > from the inside - their customers could potentially exploit them. > I have worked with folks who run services other than mail on their DNS > servers. One example is FTP. With passive ftp high ports 1024+ need > to be open both ways. So if they are using standard ACL's and not a > firewall this could lead to some trouble as well. Stateful firewalls don't need to open these ports for passive FTP. The FTP connection is established on the standard port after which the passive port is shared with the client and the firewall tracks this and allows the connection. As a rule of thumb, RPC should never be exposed to untrusted IP space. It is also odd and possibly grossly incompetent of Microsoft to choose to use ports 1024+ for such purposes, but I'm thinking that they have some weakly justifiable reason to do this as a "feature". Matt --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
