[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] LSASS exploit win32 binary
- To: Chris Scott <cscott@xxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] LSASS exploit win32 binary
- From: Paul Tinsley <jackhammer@xxxxxxxxx>
- Date: Wed, 28 Apr 2004 23:53:18 -0500
look through the snort mailing lists or through the cvs rules, both
have rules for the lsass exploit.
On Wed, 28 Apr 2004 23:22:09 -0500, Chris Scott <cscott@xxxxxxxxxxxxxx> wrote:
>
> Does anyone have snort sigs or any means of defending against the worms that
> are exploiting this? Several acquaintances of mine which work for edu's are
> reporting their networks being affected by this in a big way. They have 2k
> machines which apparently broke when applied with the MS04-011 patch.
>
> Am I correct in saying that LSASS cannot be disabled completely because the
> Security Accounts Manager service which uses LSASS is required for normal
> operation of Windows?
>
>
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
> bosborne@xxxxxxxxxxxxx
> Sent: Tuesday, April 27, 2004 10:36 PM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: RE: [Full-Disclosure] LSASS exploit win32 binary
>
> for those who are testing... a "shutdown -a" will stop it shutting down
> although a manual shutdown after that displays a "You do not have
> permission to shut down this computer."
>
> tested it on 3 xp boxes without appropriate patch, all crashed.
>
> |---------+-------------------------------------->
> | | "Chris Scott" |
> | | <cscott@xxxxxxxxxxxxxx> |
> | | Sent by: |
> | | full-disclosure-admin@lists|
> | | .netsys.com |
> | | |
> | | |
> | | 28/04/2004 01:00 PM |
> | | |
> |---------+-------------------------------------->
>
> >---------------------------------------------------------------------------
> -----------------------------------|
> |
> |
> | To: <Q.Long@xxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
> |
> | cc:
> |
> | Subject: RE: [Full-Disclosure] LSASS exploit win32 binary
> |
>
> >---------------------------------------------------------------------------
> -----------------------------------|
>
> Tested against Windows XP Pro without the appropriate patch, it crashes the
> service and initiates a shutdown timer.
>
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
> Q.Long@xxxxxxxxxx
> Sent: Tuesday, April 27, 2004 6:24 PM
> Subject: [Full-Disclosure] LSASS exploit win32 binary
>
> hi kids.
> here's the compiled version of LSASS exploit from k-otik ...
> http://users.volja.net/exceed/RLsasrv.zip
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html