Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MSblast worm

From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Tue, 12 Aug 2003 11:09:13 -0500
----- Original Message -----
From: "Johan Denoyer" <jdenoy () digital-connexion info>
To: "Jasper Blackwell" <jasper599 () hotmail com>
Cc: <full-disclosure () lists netsys com>
Sent: Tuesday, August 12, 2003 6:09 AM
Subject: Re: [Full-disclosure] MSblast worm



worms affects :

Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003


WRONG!  The RPC vulnerability affects all of these systems, but the worm
does not successfully spread to Windows NT or to Windows Server 2003
machines.  Further analysis shows my initial conclusion to be wrong, as many
stated here: Windows 2000 *and* Windows XP are impacted.

The reason this doesn't spread to NT/Windows Server machines is because the
two return addresses used are specific to Windows XP/2000.  The exploit is a
straight rip out of dcom.c, right down to the 4444/tcp shell.


Salutations,

Johan Denoyer
jdenoy () digital-connexion info
Digital Connexion
http://www.digital-connexion.info

Jasper Blackwell a dit&#160;:

Hi All,

Does anyone know if this MSblast worm affects Win NT machines, or is it
just
infecting 2000 and XP.

Thanks

Jasp

_________________________________________________________________
Sign-up for a FREE BT Broadband connection today!
http://www.msn.co.uk/specials/btbroadband

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: