Full Disclosure mailing list archives
RE: DCOM RPC exploit (dcom.c)
From: <fulldisclosure () catholic org>
Date: Sun, 27 Jul 2003 15:43:54 -0000 (GMT)
24 hours after sending the code to the list, I still believe it was the right thing to do, being already published on the web (metasploit.com) and referred to in a news article (news.com). From then, it was only a matter of hours until someone spilled the beans to a mailing list, as I did.

The 2 weeks "grace" period being too short makes no real difference in the outcome; Microsoft products need to be constantly updated, and that's a fact. People hit by Slammer last year had plenty of time (6 months) to patch their systems; working exploit code was available from the beginning thru cnhonker.com to exploit MS02-039 months before Slammer spread on the web. Result? Most of the MSSQL servers on the net were still vulnerable when the public exploit became so "mainstream" that someone wrote a worm for it.

Code being available to exploit a vuln is only a matter of time, sometimes days (latest Cisco vuln) and sometimes weeks (WebDAV)... but history has proven to us that even with a 6 month "grace" period, many systems remain vulnerable.

If it wasn't for that necessary evil that fulldisclosure is, we would still be running vulnerable versions of sendmail with the WIZ command enabled by default. (doh)

Matt LaFlamme
FD supporter

Georgi Guninski wrote:
Chris Paget wrote:

Personally, I'm tempted to set up my firewall to NAT incoming requests on port 135 to either www.metasploit.com or www.xfocus.org. I know this is the full-disclosure list, but working exploit code for an issue this huge is taking it a bit far, especially less than 2 weeks after the advisory comes out.

IMHO releasing the exploit is ethical and legal. The root of the problem is m$, they should take responsibility for the worms.

IIRC the m$ EULA states something like "the product is not fit for any purpose". So the exploit is consistent with the m$ EULA, I can't understand why you whine.

btw, Terry Pratchett has very good writings on IT EULAs and practices - check "Good Omens" and a Discworld book mentioning a disorganizer.

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
