Full Disclosure mailing list archives
RE: DCOM RPC exploit (dcom.c)
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 29 Jul 2003 14:55:30 -0500
-----Original Message----- From: Robert Banniza [mailto:robert () rootprompt net] Sent: Tuesday, July 29, 2003 11:26 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] DCOM RPC exploit (dcom.c) Just received this from ISS minutes ago...Another RPC vulnerability scanning tool: http://www.iss.net/support/product_utilities/ms03-026rpc.php Couple things we have noticed.... 1) OS identification is pretty much hit and miss 2) We have seen where XP SP1 unpatched doesn't show vulnerable (this patch was previously installed and then un-installed.) However, machine is confirmed vulnerable.
I did a simple comparison of the two tools on one VLAN. They both found the same hosts and they both agreed on which were patched and which were not patched.
Anyone else know what the last column of the output means? i.e. '5.6' or '0.0'?
I didn't see anything on their site explaining what those numbers mean and both patched and vulnerable machines produced both numbers, so I have no idea what they mean. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: DCOM RPC exploit (dcom.c), (continued)
- RE: DCOM RPC exploit (dcom.c) Thiago Campos (Jul 28)
- RE: DCOM RPC exploit (dcom.c) John . Airey (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Robert Banniza (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Preston Newton (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Robert Banniza (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Kain (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Myers, Marvin (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Schmehl, Paul L (Jul 29)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
- RE: DCOM RPC exploit (dcom.c) Tom H (Jul 29)
- DCOM RPC - DEVESTATING IN SCOPE morning_wood (Jul 30)
- RE: DCOM RPC exploit (dcom.c) Mortis (Jul 30)
- SV: DCOM RPC exploit (dcom.c) Peter Kruse (Jul 29)