This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. . An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Yumm Yumm
But you must logon first, i dunno if Null-Session is enough.
as0l0
Jun 15 2005, 02:20 AM
QUOTE(seppel18 @ Jun 15 2005, 08:28 AM)
But you must logon first, i dunno if Null-Session is enough.
from isc.sans.org
MS05-027 Update: There have been a few people who have written in expressing confusion on whether there needs to be authentication for this exploit to work. A plain reading of the bulletin by Microsoft indicates that this is a pre-authentication bug and that any anonymous user can theoretically exploit it.
seppel18
Jun 15 2005, 02:39 AM
I's Worm time Again... Like every Summer...
[eXPhase
Jun 15 2005, 02:47 AM
Worm time is always interesting. Let's see what this one can do
Titus
Jun 15 2005, 07:55 AM
hehe m$ gangtas did not secure their products again. lets see what happens
its not the worm summertime , the ports are bloced by ISPs by now , so a limited infection will occur .. thats if they released the exploit in public , in the last days i see the exploits are not released or privately released although there exists a critical bug , u have to search urself to get it else u wont find it
aelphaeis_mangarae
Jun 16 2005, 05:38 AM
QUOTE
the ports are bloced by ISPs by now
I doubt many ISP's would block Port 445 (SMB)
I mean I know mine doesn't, If your talking about AOL and such yeh....
saetji
Jun 16 2005, 08:05 AM
Off the top of my head, I only know of about 5 ISPs which have blocked the netbios ports and it'll be at least a week after the code is released that a worm for it is made, so get a firewall people
joepi
Jun 19 2005, 03:21 AM
QUOTE(saetji @ Jun 16 2005, 08:05 AM)
Off the top of my head, I only know of about 5 ISPs which have blocked the netbios ports and it'll be at least a week after the code is released that a worm for it is made, so get a firewall people
5 ISP`s well Aren`t there a little more then a few hundred ISP`s around and just look at all the devastation the lsass sploit did. Started of pretty quitly and ended in a big ass snowball.....
Think this might end up with kind of a large effect on the longer run though.....
Hopefully people start using there firewall as it was intended to be used for.....
Greetz Joepi
MrBean
Jun 22 2005, 01:14 PM
Am off to get my firewall then
vnet576
Jun 22 2005, 04:33 PM
Those 5 ISPs are the largest in the country and have majority market share (comcast, roadrunner, the rest slip my mind). So for all intents and purposes the port is blocked in the US.
I'm speaking with the US in mind, so I have no idea how ISPs in other countries are structured.
seppel18
Jun 22 2005, 04:46 PM
In Germany, the biggest ISP here does not block.
LKM
Jun 25 2005, 07:11 AM
ISP aren't blocking any port in France
tomas\
Jun 26 2005, 07:19 PM
After dcom and later lsass most big ISPs, universitys and companys blocked 139 and 445 and kept it that way..
NoRRiS
Jun 26 2005, 07:36 PM
QUOTE(LKM @ Jun 25 2005, 07:11 AM)
ISP aren't blocking any port in France
Wanadoo is blocking some port like 139 and 445 Now my ISP is Free and every port are opend
GamezDoG
Jun 28 2005, 08:09 AM
in holland most isp`s don`t block anything i know in belgium they do block ports but not sure wich
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Like every Summer...
