Dailydave: Re: MSRPC vulnerability 1 billion and six?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: MSRPC vulnerability 1 billion and six?

From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 17 Nov 2005 11:32:44 -0800

Dave Aitel wrote:

I have to assume its just "connect to a service, send it a lot of data".I don't see why that wouldn't work against SP2. You can connect toservices and send lots of data on SP2 as well.

Hm? The mitigation is that you can't connect to RPC on XP SP2 withoutauthenticating, isn't it? You can connect, you just have toauthenticate first.

BB

By Date By Thread

Current thread:

Re: MSRPC vulnerability 1 billion and six?, (continued)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? halvar (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Thomas Lakofski (Nov 20)
- Re: MSRPC vulnerability 1 billion and six? Blue Boar (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
  - Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)