Full Disclosure: Re: MS03-039 has been released

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: MS03-039 has been released - critical

From: "Kurt Seifried" <listuser () seifried org>
Date: Wed, 10 Sep 2003 17:53:04 -0600

According to ISS, http://xforce.iss.net/xforce/alerts/id/152, they claim
that functional exploit code is already in use on the Internet.


This is for the DoS attack / privilege escalation requiring an account.
Nothing to serious (compared to the remote holes). Can't be used remotely as
far as is known (although if anyone knows otherwise please pipe up).

It's almost exactly 3 weeks old (exploit released publicly) at this point, a
bit late to start worrying.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

RE: MS03-039 has been released - critical, (continued)
- RE: MS03-039 has been released - critical Caggy, James (Sep 10)
- RE: MS03-039 has been released - critical Jeffrey . Stebelton (Sep 10)
- RE: MS03-039 has been released - critical Jones, David H (Sep 10)
- RE: MS03-039 has been released - critical Bobby, Paul (Sep 10)
  - RE: MS03-039 DoS Exploit Elv1S (Sep 10)
  - Re: MS03-039 has been released - critical Kurt Seifried (Sep 10)
- RE: MS03-039 has been released - critical LaRose, Dallas (Sep 10)
- RE: MS03-039 has been released - critical Bergeron, Jared (Sep 10)
  - Re[2]: MS03-039 has been released - critical waces (Sep 10)
    - RE: Re[2]: MS03-039 has been released - critical Derek Soeder (Sep 11)
    - Re[4]: MS03-039 has been released - critical waces (Sep 11)