Security Forums

ShaolinTiger · Last edited by ShaolinTiger on Sun Jul 27, 2003 6:00 pm; edited 1 time in total

This is somewhat worrying. Could be worse than slammer in the right/wrong hands Rolling Eyes

alt.don · SF Boss Joined: 04 Mar 2003 Posts: 2486

Took me awhile to answer to this as I was wiping off the coffee which came through my nose onto my monitor. Laughing

That is priceless though, he "fixed" the sploit. Talk about hoisting their collective petard. Well hopefully MS security is now working on a fix "toute suite". This will be intersting to see if it does hit the wild.

RoboGeek · SF Mod Joined: 13 Jun 2003 Posts: 2179 Location: LeRoy, IL

Microsoft Exploit - Service Pack 1.. gotta love it.. Shocked

_________________
Beauty is in the eye of the beer holder.

CHeeKY · Frequent Member Joined: 13 Feb 2003 Posts: 231

got code and exploit, works ok by looks of things..
_________________
"i can stand brute force, but brute reason is quite unbearable. there is something unfair about its use. it is hitting below the intellect."

Aleius · Just Arrived Joined: 26 Jul 2003 Posts: 3

is there any program or something scrambler that could protect you from this thing if there is a threat?
_________________
Aleius will find you

r3L4x · New Member Joined: 06 Apr 2003 Posts: 41

lol i serously doubt this will be another slammer...an exploit this big, working on so many computers and OS's will be much bigger then slammer, and arrive much sooner.

EricTheBald · Forum Addict Joined: 06 Feb 2003 Posts: 307

So what you're saying is that we should be so lucky that it's ONLY as bad as Slammer?

You know, and I have to say that this is purely a hunch on my part, with nothing to base it on more concrete than a gut feeling...
I think we're only days away from getting hit with this.

Well, I shouldn't say "we".

I'm PATCHED dangnabbit! Mr. Green

I may not be a \337 haX0r, but I know where the "Update" button is!
_________________
The older I get the better I feel about tearing up parking tickets and cheating on my taxes.

Sgt_B · Posted: Fri Aug 01, 2003 4:42 pm Post subject:

August 1st and still no major "attack traffic". Just want to mention I tried running the sploit on windows and nix, and it worked flawlessly. Like _MHz says, its way too easy to run. I rooted my buddies machine for testing (my machine was already patched), and within seconds I was staring at a nice little command prompt.
So are we taking bets on when the worm is coming out? I could see some little monkey scripting this to do all sorts of horrible stuff.
Worse than slammer? You better believe it!
_________________
"All that is necessary for the triumph of evil is that good men do nothing." --Edmund Burke (1729 - 1797)

ZATRiX · Posted: Fri Aug 01, 2003 9:59 pm Post subject:

This is truly a major threat. I have tried this exploit on my entire work network PCs (15) and every single one of them fell vulnerable to the attack. I am able to get ‘root’ and do well pretty much anything except deleting files. But I’ve found a way to upload files so it’s deadly.

However I have found a simple fix to this “huge” problem. It’s a simple change in your registry without downloading anything major.

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

Simply set the value to “N” and your set. Of course that isn’t enough, you should never have NetBios enabled etc.
_________________
http://www.zatrixsolutions.com

scapermoya · Posted: Fri Aug 01, 2003 10:23 pm Post subject:

I found it
dcom.c
is that it?
I downloaded a compiler for C, ran it, and it couldnt find any o fthe includes? what do i do?
chinchill.^.
_________________
If toast always lands butter-side down, and cats always land on their feet, what happens if you strap toast on the back of a cat --and drop it?

scapermoya · Posted: Sat Aug 02, 2003 1:21 am Post subject:

stupid me,
this only compiles in Linux,
mkay.
_________________
If toast always lands butter-side down, and cats always land on their feet, what happens if you strap toast on the back of a cat --and drop it?

PhiBer · Posted: Sat Aug 02, 2003 2:27 am Post subject:

This sux,
Yet another patch i have to run on my server....
Hey where did u guys get the Exploit? I wanna try running it on my system.....u have to compile it in C on a nix box, right?
_________________
"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy" –Martin Luther King

squidly · Posted: Sat Aug 02, 2003 2:36 am Post subject:

Check out Full-Disclosure. And google Smile

I tried it against my box and well what do you know.. my box is up to day and patched Smile

_________________
How to ask questions!
Google is your friend!

vlad902 · Frequent Member Joined: 04 Jan 2003 Posts: 162

Meh, no worry to me, my firewall/router doesn't router any packets to the windows boxes and it only routes 22/80 and that's to a *N?X box... Althought I'll set it up so that 137/139 redirect to CharGen Twisted Evil

r3L4x · New Member Joined: 06 Apr 2003 Posts: 41

one by hdm can either be ran on win32 or a nix system or win32 with cygwin installed.

PhiBer · Posted: Sun Aug 03, 2003 2:56 am Post subject:

I finally patched my system!!!!!!!!!! Got it secure again Very Happy

One thing i dont understand, on this webpage....the snort rules, is that the exploit itself?

http://isc.sans.org/diary.html?date=2003-08-01
_________________
"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy" –Martin Luther King

Security Forums

Special offer!

Featured Links*

Community Area

Featured Products

TechGenix Sites

	Security Forums Index -> Exploits // System Weaknesses	All times are GMT + 2 Hours Goto page 1, 2, 3 Next
Page 1 of 3