Windows DCOM exploit (was Re: What you don't want to hear from a peer)
George Bakos
gbakos at ists.dartmouth.edu
Fri Jul 25 20:01:16 UTC 2003
HD Moore released one today that returns a Local System shell on port 4444. I've run it in the lab and, as expected of all HD code, works consistantly.
g
On Fri, 25 Jul 2003 15:56:57 -0400
"Ingevaldson, Dan (ISS Atlanta)" <dsi at iss.net> wrote:
> George-
>
> Which exploit are you referring to? There are several floating around.
> Many of them are misrepresented as MS03-026 exploits. There was another
> vulnerability disclosed that only causes a DoS condition--no remote
> compromise.
>
> Regards,
> ===============================
> Daniel Ingevaldson
> Engineering Manager, X-Force R&D
> dsi at iss.net
> 404-236-3160
>
> Internet Security Systems, Inc.
> The Power to Protect
> http://www.iss.net
> ===============================
>
>
> -----Original Message-----
> From: George Bakos [mailto:gbakos at ists.dartmouth.edu]
> Sent: Friday, July 25, 2003 3:47 PM
> Cc: jtk at depaul.edu; nanog at merit.edu
> Subject: Windows DCOM exploit (was Re: What you don't want to hear from
> a peer)
>
>
>
> On Fri, 25 Jul 2003 14:29:13 -0500
> John Kristoff <jtk at depaul.edu> wrote:
>
> > Maybe it'll help start the weekend with a smile.
>
> Smile for now; it probably won't last. The Windows DCOM exploit that was
> released today, works perfectly. BTW, how many residential networks
> (worm
> fodder) really need port 135/tcp open, anyway?
>
> And I thought I would have time to split some cordwood today. Rats.
>
George Bakos
Institute for Security Technology Studies - IRIA
Dartmouth College
gbakos at ists.dartmouth.edu
603.646.0665 -voice
603.646.0666 -fax
More information about the NANOG
mailing list