rage case and specifics cases will fall below the
average". This suggests that is not entirely out of the question
for the attack to succeed within one minute. If that risk is not
appropriate in one's environment, then other measures (which may
include inetd/tcpserver
eports "The Machine tested has the IPP
Vulnerability!" on machines that have Microsoft's Q296576 patch.)
Matt Power
BindView Corporation, RAZOR Team
[EMAIL PROTECTED]
*** iishack2000.c.old Wed May 2 23:58:17 2001
--- iishack2000.c Wed May 2 23:58:17 2001
***
*** 86,89
#]: received yp password update request
from (various binary data followed by a shell command)
and rpc.nispasswdd continues running. I don't know for sure
whether rpc.nispasswdd can be vulnerable to this exploit, but I
saw no vulnerability in any of my tests (which were on Solaris 7).
Matt Power
BindView Corporation, RAZOR Team
[EMAIL PROTECTED]
