Windows DCOM exploit (was Re: What you don't want to hear from a peer)

George Bakos gbakos at ists.dartmouth.edu
Fri Jul 25 20:01:16 UTC 2003


HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of all HD code, works consistantly.

g

On Fri, 25 Jul 2003 15:56:57 -0400
"Ingevaldson, Dan (ISS Atlanta)" <dsi at iss.net> wrote:

> George-
> 
> Which exploit are you referring to?  There are several floating around.
> Many of them are misrepresented as MS03-026 exploits.  There was another
> vulnerability disclosed that only causes a DoS condition--no remote
> compromise.
> 
> Regards,
> ===============================
> Daniel Ingevaldson
> Engineering Manager, X-Force R&D
> dsi at iss.net 
> 404-236-3160
>  
> Internet Security Systems, Inc.
> The Power to Protect
> http://www.iss.net 
> ===============================
> 
> 
> -----Original Message-----
> From: George Bakos [mailto:gbakos at ists.dartmouth.edu] 
> Sent: Friday, July 25, 2003 3:47 PM
> Cc: jtk at depaul.edu; nanog at merit.edu
> Subject: Windows DCOM exploit (was Re: What you don't want to hear from
> a peer)
> 
> 
> 
> On Fri, 25 Jul 2003 14:29:13 -0500
> John Kristoff <jtk at depaul.edu> wrote:
> 
> > Maybe it'll help start the weekend with a smile.
> 
> Smile for now; it probably won't last. The Windows DCOM exploit that was
> released today, works perfectly. BTW, how many residential networks
> (worm
> fodder) really need port 135/tcp open, anyway?
> 
> And I thought I would have time to split some cordwood today. Rats.
> 

George Bakos
Institute for Security Technology Studies - IRIA
Dartmouth College
gbakos at ists.dartmouth.edu
603.646.0665 -voice
603.646.0666 -fax



More information about the NANOG mailing list