Re: MS03-26

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 21 Jul 2003 16:01:52 -0700

Not a problem, Tim; I'm always up to find the guy who can actually break
through ISA...

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Thor" <Thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 21, 2003 15:18
Subject: [isalist] Re: MS03-26


http://www.ISAserver.org





That's cool... I didn't really think you could share it if you had it. :)
I'm sure I'll be getting my hands on actual exploit code soon, so I too will
try it against the pub rules.  Not that I don't trust your tool, but I just
want to make sure, you know?

t



-----Original Message----- 
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Mon 7/21/2003 5:39 PM
To: [ISAserver.org Discussion List]
Cc:
Subject: [isalist] Re: MS03-26





MSRC handed me a test app, which I'm not at liberty to share (obviously).
Sorry..  I know there are more honest folks trying to validate their
security than there are h2x0rs trying to create the next worm, but NDA
constraints and all that.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org

Read the help, books and articles!
----- Original Message -----
From: "Thor" <Thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 21, 2003 14:22
Subject: [isalist] Re: MS03-26




Indeed. But, how exactly did you test that, Jim?  Do you have some exploit
code hidden away somewhere?  Care to share Big Boy???

t

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Mon 7/21/2003 5:13 PM
To: [ISAserver.org Discussion List]
Cc:
Subject: [isalist] Re: MS03-26





..hmmmm..  seems you is right.
Still, it's nice to know that ISA blocks it even when publishing RPC...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org

Read the help, books and articles!
----- Original Message -----
From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 21, 2003 10:27
Subject: [isalist] MS03-26




At 09:21 AM 7/21/2003, you wrote:

Yo "ISA_Dewd" :)

Saw your comments on my article.  Thanks for providing that info about
publishing RPC and ISA's protection of it.

I know now that it is indeed exploitable over TCP 135 *and* UDP 135-- I got
confirmation from LSD on that...  Though we are all protected, I am still
very worried about this one... This is a class exploit, and if/when a
multi-vector worm is written, it will make Slammer look like a FIN packet.

t


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

