Full Disclosure mailing list archives
RE: MS03-039 has been released - critical
From: "Anthony Aykut" <anthony.aykut () frame4 com>
Date: Wed, 10 Sep 2003 22:31:12 +0200
MS03-026 patched against 1 buffer overflow. MS03-039 patches against 3 new buffer overflows. That means there are 4 problems in all. All 4 problems occur via DCOM over RPC. All 4 problems could be attacked in a similar fashion. All 4 problems (as they are likely to occur in an Internet-wide attack) can be thwarted by disabling DCOM. 2 of the 3 new problems can be turned into worms. If you applied MS03-026, you can still be attacked via the 3 problems patched by MS03-039. MS03-039 corrects all 4 known DCOM/RPC problems (that's what they mean when they say it "supercedes" MS03-026.) If you haven't patched, and are going to patch, patch with MS03-039. Anthony -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Robert Ahnemann Sent: Wednesday, September 10, 2003 20:31 To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] MS03-039 has been released - critical I ran the test program (as linked by MS) to see if the network showed as patched. I haven't patched any of the machines with the 039 code, but all are patched with the 026 one (original one as of July 16th) Does this exploit still work (as in leave a vuln) if we have patched 026? Might be a dumb question, but I bet other people are thinking it too. -----Original Message----- From: Exibar [mailto:exibar () thelair com] Sent: Wednesday, September 10, 2003 12:42 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] MS03-039 has been released - critical anyone know of a 'sploit for this one yet? Or even proof of concept code? ----- Original Message ----- From: "Ryan, Pete" <pete.ryan () thomson com> To: <full-disclosure () lists netsys com> Sent: Wednesday, September 10, 2003 12:23 PM Subject: [Full-disclosure] MS03-039 has been released - critical
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/
bulletin/MS03-039.asp -Pete _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: MS03-039 has been released - critical, (continued)
- RE: MS03-039 has been released - critical Marc Maiffret (Sep 10)
- RE: [inbox] RE: MS03-039 has been released - critical Exibar (Sep 10)
- RE: [inbox] RE: MS03-039 has been released - critical Jade E. Deane (Sep 10)
- The role of explicit advisories (was: MS03-039 has been released - critical) l8km7gr02 (Sep 11)
- Re: MS03-039 has been released (DoS) sploit ? Elv1S (Sep 10)
- Re: Re: MS03-039 has been released (DoS) sploit ? Yannick Van Osselaer (Sep 10)
- RE: [inbox] Re: MS03-039 has been released (DoS) sploit ? Exibar (Sep 10)
- RE: MS03-039 has been released - critical Anthony Aykut (Sep 10)
- Re: MS03-039 has been released - critical Exibar (Sep 10)
- RE: MS03-039 DoS Exploit Elv1S (Sep 10)
- Re: MS03-039 has been released - critical Kurt Seifried (Sep 10)