On Mon, Aug 11, 2003 at 02:08:39PM -0700, Jim Wood wrote: > We are seeing several customers equipment with a security hole that has > been exploited > If you have any information on fixes, cases, or further damage please > email me immediately. http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html http://isc.sans.org/diary.html?date=2003-08-11 (lagged occasionally) (with neato graph: http://isc.sans.org/images/port135percent.png ) A quick search on bugtraq will find -lots- of information on the vulnerability: (bugtraq archives here: http://www.securityfocus.com/archive/1 -- search around for these messages in the archives -- or, i'd be happy to send these messages off to folks who hate the bugtraq archives as much as I do :) Jul 21 benjurry ( 95) Microsoft Windows 2000 RPC DCOM Interface DO Jul 22 voleur@speakeas ( 2) Re: Microsoft Windows 2000 RPC DCOM Interfac Jul 22 flashsky fangxi ( 20) Re: Microsoft Windows 2000 RPC DCOM Interfac Jul 23 benjurry ( 22) Re: Microsoft Windows 2000 RPC DCOM Interfac Jul 26 Marc Maiffret ( 36) EEYE:ALERT Free RPC/DCOM vulnerability scann Jul 26 fulldisclosure@ ( 374) DCOM RPC exploit (dcom.c) Jul 26 S G Masood ( 50) Re: DCOM RPC exploit (dcom.c) Jul 28 Marc Maiffret ( 75) RE: DCOM RPC exploit (dcom.c) Jul 29 Thor Larholm ( 50) RE: RPC DCOM still vulnerable even after ap Jul 29 sk@scan-associa ( 14) Re: DCOM RPC exploit (dcom.c) Jul 29 sloppy seconds ( 12) RE: RPC DCOM still vulnerable even after ap Jul 29 Martin Peikert ( 10) Re: DCOM RPC exploit (dcom.c) Aug 01 the farpointer ( 224) Unix command line RPC/DCOM Vulnerability Sc Aug 11 Dave Ahmad ( 69) New Windows DCOM Worm - msblast.exe (fwd) Aug 11 Dave Ahmad ( 23) DCOM worm analysis report: W32.Blaster.Worm -- People who separate manpages from the programs they document would steal sheep. -- apologies to Goudy
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 15:46:17 PDT
