Full Disclosure mailing list archives

SV: MS03-039 has been released - critical
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 10 Sep 2003 23:20:20 +0200

Hi,

"The new DoS vulnerability was disclosed by a hacking group 
in China on July 25, 2003, and functional exploit code is 
already in use on the Internet. "

This is well known. However, it's not the BoF exploit.

Yet again, the detailed advisory from eEye makes it fairly easy to write
a working exploit. Although I haven't seen a PoC yet, I would expect it
to be released shortly. It's a bit harder to exploit than the previous
RPC DCOM weakness but it's certainly possible.

Please note that eEye has already released an update for Retina Security
Scanner and I suppose every script kid, cracker or hacker should be able
to sniff the code from Retina going to a remote vulnerable host. You
think? CHAM, yeah?

I suggest we update RPC - again.

Med venlig hilsen // Kind regards

Peter Kruse
Kruse Security
http://www.krusesecurity.dk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

