Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] RDS exploit simulation
From: Steve <steve () SECURESOLUTIONS ORG>
Date: Mon, 18 Sep 2000 13:28:56 -0600

Why not just head over to www.wiretrip.net/rfp and read the advisories on
it?  There should be two of them, the original and an updated one.
Rain.Forrest.Puppy does an excellent job of explaining the vulnerability and
his script.  Yes, version 2.0 is also vulnerable.  I have seen and tested
boxes that are at IE5.0 and SP6a that are still vulnerable.

Regards;


Steve Manzuik
Moderator - Win2K Security Advice

Security Analyst - Bindview RAZOR
http://razor.bindview.com

-------------------------------------------

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Oliver Petruzel
Sent: Monday, September 18, 2000 12:01 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] RDS exploit simulation


This is because you are using patched versions being >>distributed on
newer
versions of the Option Pack and MCIS CD's.

I actually have stayed away from ALL "option packs" on purpose for that
reason.  I have been using the NT 4.0 IIS base install and then up to
and including Service Pack 4.  Which is mdac 2.0.

It was my understanding that 2.0 was still vuln.  or is it not?
right now, I'm unable to find an old enough option pack.  The ones I
have install mdac 2.1.

Perhaps someone can better explain this vuln to me (and everyone else)
since it is so common in the wild.  Thanks.

./oliver


-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]