Full Disclosure mailing list archives
RE: Cox is blocking port 135 - off topic
From: "Rick Kingslan" <rkingsla () cox net>
Date: Sun, 10 Aug 2003 21:56:35 -0500
You might want to drop Todd Sabin a note at Razor Bindview and ask him. He's the one that apparently exposed the potential for other ports (137, 445, 539). My expeirences with Todd over the years is that he rarely discloses a potential for vulnerabilty unless there is a reason. And, he rarely plays games. But, then - everyone gets bored now and again.... -rtk -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Joey Sent: Sunday, August 10, 2003 9:02 PM To: Anthony Clark; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Cox is blocking port 135 - off topic I don't think DCOM is used on any other port besides 135. When i disabled dcom using dcomcnfg.exe, the only port that stopped listening was 135. and for the specifics for how the buffer overflow works(http://www.lsd-pl.net/special.html) - "In a result of implementation error in a function responsible for instantiation of DCOM objects, remote attackers can obtain remote access to vulnerable systems." People claim that the same buffer overflow works on the SMB port(445) which is an entirely different service, but can they prove it? --- Anthony Clark <volkam () comcast net> wrote:
Right.. /* Windows 2003 <= remote RPC DCOM exploit * Coded by .:[oc192.us]:. Security * Modified by rogers@efnet * * Features: * * -d destination host to attack. * * -p for port selection as exploit works on ports other than 135(139,445,539 etc)
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Cox is blocking port 135 Joey (Aug 10)
- Cox is blocking port 135 - off topic Kurt Seifried (Aug 10)
- Re: Cox is blocking port 135 - off topic martin f krafft (Aug 10)
- Re: Cox is blocking port 135 - off topic pdt (Aug 10)
- Re: Cox is blocking port 135 - off topic harq deman (Aug 10)
- Re: Cox is blocking port 135 - off topic bugtracker505 (Aug 10)
- Re: Cox is blocking port 135 - off topic Joey (Aug 10)
- Re: Cox is blocking port 135 - off topic Nick FitzGerald (Aug 10)
- Re: Cox is blocking port 135 - off topic Anthony Clark (Aug 10)
- Re: Cox is blocking port 135 - off topic Joey (Aug 10)
- RE: Cox is blocking port 135 - off topic Rick Kingslan (Aug 10)
- Message not available
- Re: Cox is blocking port 135 - off topic Anthony Clark (Aug 10)
- Cox is blocking port 135 - off topic Kurt Seifried (Aug 10)