Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 071834.html (Request Expert securityfocus.com Support)

RE: Exploit for Windows RPC may be in the wild!

From: Stuart <secmail(at)patchsupplier.dyndns.org>
Date: Wed Jul 30 2003 - 22:03:45 EDT

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I also ran it on an XP machine (Pro) that was up to date except for the latest patch for RPC and it worked perfect. Telnet to port 4444 and had a shell, then as soon as I typed "exit" the host shutdown and rebooted.

Stu

  • -----Original Message----- From: Christian Kieft [mailto:christian@kieft.de] Sent: 30 July 2003 17:16 To: Jeff Adams Cc: incidents@securityfocus.com Subject: Re: Exploit for Windows RPC may be in the wild!

On Tue, Jul 29, 2003 at 01:09:33PM -0400, Jeff Adams wrote:
> It seems as though the success rate on un-patched machines is
> not 100% On un-patched machines I was getting it to work maybe 60
> to 70% of the time.

I tried a few XP machines (patched up-to-date except the patch for this RPC
hole) and it didn't work perfectly - the daemon simply crashed and XP rebooted.

chr

  • ----------------------------------------------------------------------
  • -----
  • ----------------------------------------------------------------------
  • ------

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

Do you need help?X

iQIVAwUBPyh5AZMRMj30dWmZAQL5oRAAgFqBWmrzRSWoR+g92qmS9UbbtnDnqGW5 yYwYBwjtwyKxHavqTO0FN8n0Jbjv2WQAmq4tFK/scqIa6RSW3kAz8wwkA6K6O7Lf zYTdOHVvgIs9IoqlGNeIP+43fzvbnGefXyt2A4J5BIe3FKocCPfQlQhip5z0pPt9 aYkWx89HJKjDA5WSQMkxlPO1ODFvnftWPGzpvQhRC1c+22CqvDlptLN63npEjD72 LO+nRRMJ0MaR5OLvUYLNQRRGSP1Yyl4F2QqVsF+ubBABsTdRH9nfoGGonCPjI7so DV5Jg0NX6s9WKSdQrNeLAR8NVj1PbqKqdQmWYGLMFRtn4i2xcWAWWvzGgOB5578k 4F0rt0DgOfXX+Jx957xS2aRBer/MeLd5YcfIkACHevT0mWgD9IX0CfZm931+82ye lYQ78LzIcz+dP2wb5ZhGCH1s2fp3qQDJIr0Av17yeaIYIDQiuFonNzYyPgCNHHv2 Pprfk4OD2GMcXctJo8kzJ9diXET3o4SCnZ3D1NfhO97jk4X/6cm0PJwqS32cHJJz FC/7YGjUAbEq9vjosv//7uJR+VfJ/3pcE04mt6zKkdfwMoOhx2qV48Z8n7vIQEeq LddobUH83lh5rDyxVF+ZtslkfdRYpAwe+SIKda0GipYCBQV7JeEA0JJZjCAI2YPw Qe7abVwBEL8=
=c7BI
-----END PGP SIGNATURE-----

Received on Thu Jul 31 10:56:17 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:14 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library