Hi, > "The new DoS vulnerability was disclosed by a hacking group > in China on July 25, 2003, and functional exploit code is > already in use on the Internet. "
This is well known. However it�s not the BoF exploit. Yet again, the detailed advisory from Eeye makes it fairly easy to write a working exploit. Although I haven�t seen a PoC yet I would expect it to be release shortly. It�s a bit harder to exploit than the previous RPC Dcom weakness but it�s certainly possible. Please note that Eeye has already released an update for Retina Security Scanner and I suppose every script kid, cracker or hacker should be able to sniff to code from Retina going to a remote vulnerable host. You think? CHAM, yeah? I suggest we update RPC - again. Med venlig hilsen // Kind regards Peter Kruse Kruse Security http://www.krusesecurity.dk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
