Full Disclosure mailing list archives

RE: Re: Bad news on RPC DCOM vulnerability

From: "Dimitri Limanovski" <dlimanov () sct com>
Date: Fri, 10 Oct 2003 17:37:47 -0400


Not much info on the page but here goes the juicy part.
Exploit: http://www.securitylab.ru/_exploits/rpc2.c.txt
Shellcode: http://www.securitylab.ru/_exploits/shell.asm.txt
Based on user responses, this is, in fact, working exploit that will
work on already patched systems. It's only a matter of time for
compiled binary to surface.

Dimitri



|---------+-------------------------------------->
|         |           "Brown, Bobby (US -        |
|         |           Hermitage)"                |
|         |           <bobbrown () deloitte com>    |
|         |           Sent by:                   |
|         |           full-disclosure-admin@lists|
|         |           .netsys.com                |
|         |                                      |
|         |                                      |
|         |           10/10/2003 03:34 PM        |
|         |                                      |
|---------+-------------------------------------->
  >--------------------------------------------------------------------------------------------------------------|
  |                                                                                                              |
  |       To:       "'Alex'" <pk95 () yandex ru>, bugtraq () securityfocus com, full-disclosure () lists netsys com,    
  |
  |        NTBUGTRAQ () LISTSERV NTBUGTRAQ COM                                                                      |
  |       cc:       Secure () microsoft com                                                                         |
  |       Subject:  RE: [Full-disclosure] Re: Bad news on RPC DCOM vulnerability                                 |
  >--------------------------------------------------------------------------------------------------------------|



For us that can not interpret the site, what more information can be
provided.

Bobby

-----Original Message-----
From: Alex [mailto:pk95 () yandex ru]
Sent: Friday, October 10, 2003 1:09 PM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com;
NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Cc: Secure () microsoft com
Subject: [Full-disclosure] Re: Bad news on RPC DCOM vulnerability


Exploit code can be found here:
http://www.securitylab.ru/40754.html

This code work with  all  security  fixes. It's very dangerous.

----- Original Message -----
From: "3APA3A" <3APA3A () SECURITY NNOV RU>
To: <bugtraq () securityfocus com>; <full-disclosure () lists netsys com>;
<NTBUGTRAQ () LISTSERV NTBUGTRAQ COM>
Cc: <Secure () microsoft com>
Sent: Friday, October 10, 2003 6:48 PM
Subject: Bad news on RPC DCOM vulnerability

Dear bugtraq () securityfocus com,

There are few bad news on RPC DCOM vulnerability:

1.  Universal  exploit  for  MS03-039  exists in-the-wild, PINK

FLOYD is

again actual.
2.  It  was  reported  by exploit author (and confirmed), Windows XP

SP1

with  all  security  fixes  installed still vulnerable to variant of

the

same bug. Windows 2000/2003 was not tested. For a while only DoS

exploit

exists,  but  code execution is probably possible. Technical details

are

sent to Microsoft, waiting for confirmation.

Dear  ISPs.  Please  instruct  you customers to use personal

fireWALL in

Windows XP.

--
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This message (including any attachments) contains confidential
information
intended for a specific individual and purpose, and is protected by
law.  If
you are not the intended recipient, you should delete this message.
Any
disclosure, copying, or distribution of this message, or the taking of
any
action based on it, is strictly prohibited.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Re: Bad news on RPC DCOM vulnerability, (continued)
- - - Re: Re: Bad news on RPC DCOM vulnerability petard (Oct 10)
    - Re: Bad news on RPC DCOM2 vulnerability Peter King (Oct 11)
    - AW: Bad news on RPC DCOM2 vulnerability Florian Keller (Oct 11)
    - Re: Bad news on RPC DCOM2 vulnerability Alex (Oct 11)
    - AW: Bad news on RPC DCOM2 vulnerability Florian Keller (Oct 11)
    - Re: Bad news on RPC DCOM2 vulnerability Valdis . Kletnieks (Oct 11)
  - Re: Re: Bad news on RPC DCOM vulnerability Vladimir Parkhaev (Oct 10)
    - Re: Re: Bad news on RPC DCOM vulnerability V.O. (Oct 10)
  - Re: Re: Bad news on RPC DCOM vulnerability Irwan Hadi (Oct 10)
  - RE: Re: Bad news on RPC DCOM vulnerability Matthew D. Lammers (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Dimitri Limanovski (Oct 10)
- RE: Bad news on RPC DCOM vulnerability VigilantMinds Security Operations Center (Oct 10)
- RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
  - Re: RE: Re: Bad news on RPC DCOM vulnerability Paul Tinsley (Oct 12)
    - RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
  - Re: RE: Re: Bad news on RPC DCOM vulnerability Alex (Oct 12)
    - RE: RE: Re: Bad news on RPC DCOM vulnerability Brett Moore (Oct 14)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Mike Gordon (Oct 12)
- Re: RE: Re: Bad news on RPC DCOM vulnerability webheadport80 (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Schmehl, Paul L (Oct 13)
- RE: RE: Re: Bad news on RPC DCOM vulnerability Gordon, Mike (Oct 14)