Hey hey guys. I believe it has something to do with CIS.

"COM Internet Services Proxy (a feature that is part of Windows 2000 that allows a server to accept DCOM requests tunneled over HTTP)"

"The list of supported transports is as follows:

Local RPC     ncalrpc
TCP/IP        ncacn_ip_tcp
SPX           ncacn_spx
Named pipes   ncacn_np
NetBIOS       netbios
VINES IP      ncacn_vns_spp

It is not, however, documented in any of Microsoft resources, that Outlook can use another RPC transport, ncacn_http"

It's not enabled by default, however in theory this makes whatever port the server is configured to run it on vulnerable. Hope someone else can clear this up further.

----- Original Message -----
From: "Jasper Blackwell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 01, 2003 7:50 AM
Subject: [Full-Disclosure] RE: DCOM Exploit MS03-026 attack vectors

> Hi All,
>
> >Microsoft owns up to the exploit being usable on 135, 139 and 445, I have
> >heard rumors of port 80 being vulnerable as well. I was curious as to
> >whether anyone had seen anything using a port other than 135? Everything I
> >have seen discussed here and elsewhere has been 135 specific.
> >
> >Thanks,
> >
> >Paul Tinsley
>
> I have no more information as yet, except to say that I saw someone asking a
> similar question somewhere else and they asked whether the RPC_CONNECT
> method could be used in HTML to spread this. Now I am not an HTML programmer
> let alone a C programmer so I have no idea whether that is feasible or not.
> However I would be very interested if it is as it could make a big
> difference to all of us. So any of the more knowledgeable people out there,
> is there any way that comes to mind that this exploit could work over port
> 80? What about other programs that use DCOM and listen on other ports, are
> they vulnerable in theory? Would it require entirely new exploit code for
> each package/port to be exploited?
>
> By the way I am not asking for an exploit, I am neutral in the whole debate,
> just someone who knows what they are talking about to give us an idea of
> whether this thing is ever going to work over ports other than 135.
>
> Jasp
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
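
For inventory purposes, the thread's question (is DCOM reachable on anything besides 135, 139 and 445?) can be checked against a host's registered RPC endpoints. The following is an added example, not part of the original posts: it parses RPC string bindings and flags ncacn_http and non-acknowledged TCP endpoints. The sample bindings are constructed, and how the binding list is collected is left as an assumption.

```python
import re
from collections import defaultdict

# Protocol sequences named in the quoted transport list, plus ncacn_http.
KNOWN_PROTSEQS = {"ncalrpc", "ncacn_ip_tcp", "ncacn_spx", "ncacn_np",
                  "netbios", "ncacn_vns_spp", "ncacn_http"}
# Ports the thread says Microsoft acknowledges for MS03-026.
ACKNOWLEDGED_PORTS = {135, 139, 445}

# RPC string binding: [object-uuid@]protseq:network-address[endpoint,options]
BINDING_RE = re.compile(
    r"^(?:[0-9a-fA-F-]{36}@)?"
    r"(?P<protseq>[a-z_]+):"
    r"(?P<host>[^\[\]]*)"
    r"(?:\[(?P<endpoint>[^\],]*)(?:,[^\]]*)?\])?$")

def parse_binding(binding):
    """Split one string binding into (protseq, host, endpoint)."""
    m = BINDING_RE.match(binding.strip())
    if not m:
        raise ValueError(f"not an RPC string binding: {binding!r}")
    return m.group("protseq"), m.group("host"), m.group("endpoint") or ""

def audit(bindings):
    """Group bindings that fall outside the acknowledged ports."""
    findings = defaultdict(list)
    for b in bindings:
        try:
            protseq, _host, endpoint = parse_binding(b)
        except ValueError:
            findings["unparsed"].append(b)
            continue
        if protseq not in KNOWN_PROTSEQS:
            findings["unknown_protseq"].append(b)
        elif protseq == "ncacn_http":
            findings["http_tunnel"].append(b)
        elif (protseq == "ncacn_ip_tcp" and endpoint.isdigit()
              and int(endpoint) not in ACKNOWLEDGED_PORTS):
            findings["tcp_other_port"].append(b)
    return dict(findings)

# Constructed sample bindings (documentation addresses, made-up endpoints).
SAMPLE = ["ncacn_ip_tcp:192.0.2.10[135]", "ncacn_ip_tcp:192.0.2.10[1026]",
          r"ncacn_np:\\HOST01[\pipe\epmapper]", "ncacn_http:192.0.2.10[593]",
          "ncalrpc:[LRPC-0001]", "not a binding"]

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, items)
```
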
