Re: MS03-26

• From: "Thor" <Thor@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 21 Jul 2003 18:18:17 -0400

That's cool... I didn't really think you could share it if you had it. :)  I'm 
sure I'll be getting my hands on actual exploit code soon, so I too will try it 
against the pub rules.  Not that I don't trust your tool, but I just want to 
make sure, you know?
 
t
 
 
 
-----Original Message----- 
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Mon 7/21/2003 5:39 PM 
To: [ISAserver.org Discussion List] 
Cc: 
Subject: [isalist] Re: MS03-26



        http://www.ISAserver.org
        
        
        MSRC handed me a test app, which I'm not at liberty to share 
(obviously).
        Sorry..  I know there are more honest folks trying to validate their
        security than there are h2x0rs trying to create the next worm, but NDA
        constraints and all that.
        
         Jim Harrison
         MCP(NT4, W2K), A+, Network+, PCG
         http://www.microsoft.com/isaserver
         http://isaserver.org/Jim_Harrison
         http://isatools.org
        
         Read the help, books and articles!
        ----- Original Message -----
        From: "Thor" <Thor@xxxxxxxxxxxxxxx>
        To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
        Sent: Monday, July 21, 2003 14:22
        Subject: [isalist] Re: MS03-26
        
        
        http://www.ISAserver.org
        
        
        
        This is a multi-part message in MIME format.
        
        
        
        
----------------------------------------------------------------------------
        ----
        
        
        Indeed. But, how exactly did you test that, Jim?  Do you have some 
exploit
        code hidden away somewhere?  Care to share Big Boy???
        
        t
        
        -----Original Message-----
        From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
        Sent: Mon 7/21/2003 5:13 PM
        To: [ISAserver.org Discussion List]
        Cc:
        Subject: [isalist] Re: MS03-26
        
        
        
        http://www.ISAserver.org
        
        
        ..hmmmm..  seems you is right.
        Still, it's nice to know that ISA blocks it even when publishing RPC...
        
        Jim Harrison
        MCP(NT4, W2K), A+, Network+, PCG
        http://www.microsoft.com/isaserver
        http://isaserver.org/Jim_Harrison
        http://isatools.org
        
        Read the help, books and articles!
        ----- Original Message -----
        From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
        To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
        Sent: Monday, July 21, 2003 10:27
        Subject: [isalist] MS03-26
        
        
        http://www.ISAserver.org
        
        
        At 09:21 AM 7/21/2003, you wrote:
        
        Yo "ISA_Dewd" :)
        
        Saw your comments on my article.  Thanks for providing that info about
        publishing RPC and ISA's protection of it.
        
        I know now that it is indeed exploitable over TCP 135 *and* UDP 135-- I 
got
        confirmation from LSD on that...  Though we are all protected, I am 
still
        very worried about this one... This is a class exploit, and if/when a
        multi-vector worm is written, it will make slammer look like a fin 
packet.
        
        t
        
        
        ------------------------------------------------------
        List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion List as:
        jim@xxxxxxxxxxxx
        To unsubscribe send a blank email to leave-isalist-261495Q@xxxxxxxxxxxxx
        
        
        ------------------------------------------------------
        List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion List as:
        thor@xxxxxxxxxxxxxxx
        To unsubscribe send a blank email to leave-isalist-261495Q@xxxxxxxxxxxxx
        
        
        
        
        
        
----------------------------------------------------------------------------
        ----
        
        
        ------------------------------------------------------
        List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion List as:
        jim@xxxxxxxxxxxx
        To unsubscribe send a blank email to leave-isalist-261495Q@xxxxxxxxxxxxx
        
        
        ------------------------------------------------------
        List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion List as: 
thor@xxxxxxxxxxxxxxx
        To unsubscribe send a blank email to leave-isalist-261495Q@xxxxxxxxxxxxx
        

Other related posts:

• » MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26
• » Re: MS03-26

1. Home
2. isalist
3. Archive
4. 07-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---