According to VU#326746, this vulnerability is not the same as the vulnerability 
described in CA-2003-16 (MS03-026), but the exploit you mentioned apparently seems to 
address the same issue; however, the exploit name and title are misleading.

Yet if you look at the code, you can find:

 short port=135;
 unsigned char buf1[0x1000];
 printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org\n");
 printf("Code by FlashSky,Flashsky xfocus org,benjurry,benjurry xfocus org\n");
 printf("Welcome to http://www.xfocus.net\n");
 
And then if you look at the advisory again, you'll find this where the DoS issue is 
mentioned:

"Exploit code for this vulnerability has been publicly released and also targets TCP 
port 135."

So the exploit is the one you mentioned.
The Vulnerability Note for that issue is VU#326746.
The advisory link from the VU is http://www.xfocus.org/advisories/200307/4.html
The workaround so far is to filter the ports described in the advisory itself.



Regards
--------
Muhammad Faisal Rauf Danka


--- Stephen <[EMAIL PROTECTED]> wrote:
>> There appears to be a separate
>> denial-of-service vulnerability in
>> Microsoft's RPC interface that is also
>> being targeted [...]
>> Exploit code for this vulnerability has been
>> publicly released
>
>they are talking about this f**** exploit or another
>???
>
>http://www.k-otik.com/exploits/07.21.MS03-026.c.php
>
>does the MS03-026 patch correct this shit ?
>
>Regards. Stephen
>
>
>
>--- Muhammad Faisal Rauf Danka <[EMAIL PROTECTED]>
>wrote:
>> 
>> 
>> Regards
>> --------
>> Muhammad Faisal Rauf Danka
>> Date: Thu, 31 Jul 2003 16:59:41 -0400
>> From: CERT Advisory <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Subject: CERT Advisory CA-2003-19 Exploitation of
>> Vulnerabilities in Microsoft RPC Interface 
>> 
>> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> CERT Advisory CA-2003-19 Exploitation of
>> Vulnerabilities in Microsoft RPC
>> Interface
>> 
>>    Original issue date: July 31, 2003
>>    Last revised: -
>>    Source: CERT/CC
>> 
>> 
>> Appendix B. References
>> 
>>      * CERT/CC Vulnerability Note VU#561284 -
>>        http://www.kb.cert.org/vuls/id/561284
>>      * CERT/CC Vulnerability Note VU#326746 -
>>        http://www.kb.cert.org/vuls/id/326746
>>      * Microsoft Security Bulletin MS03-026 -
>>        http://microsoft.com/technet/security/bulletin/MS03-026.asp
>>      * Microsoft Knowledge Base article 823980 -
>>        http://support.microsoft.com?kbid=823980
>>
>> ______________________________________________________________________
>>
>>    Authors: Chad Dougherty and Kevin Houle
>>
>> ______________________________________________________________________
>> 
>> 
>=== message truncated ===
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
