eEye Free RPC/DCOM Vulnerability Scanning Tool

eEye Free RPC/DCOM Vulnerability Scanning Tool

Post by Monty Solomo » Mon, 28 Jul 2003 12:55:18

July 26, 2003 - eEye Providing Free Detection Utility to Combat
Exploit for Microsoft RPC DCOM Vulnerability Currently Circulating on
the Internet

Exploit targets unpatched Microsoft Windows desktops and servers.
Administrators urged to scan their networks for vulnerable machines.

(Aliso Viejo, CA; Geneva, Switzerland) - July 26, 2003. eEye Digital
Security has learned that an exploit which takes advantage of a
critical Windows vulnerability discovered last week is now propagating
over the Internet. The exploit targets a buffer overflow associated
with Windows' implementation of Remote Procedure Call (RPC) and
impacts Windows NT, 2000, XP and Windows Server 2003. On July 16, 2003
Microsoft issued a patch for the vulnerability that was originally
discovered by the Polish research group Last Stage of Delirium. To
combat the vulnerability, eEye has released a free scanning utility to
detect unpatched systems.

The vulnerability impacts the way in which RPC is implemented in the
Windows Operating System. The exploit enables remote attackers to send
a specially crafted RPC request to TCP port 135 on machines that are


1. nessus scan reveals vulnerability on port domain (53/tcp)

allow-recursion { localnets; };

allow-recursion { 10/8; };

You can, of course, associate names with arbitrary addresses, address ranges
and/or address prefixes. For instance, on some of my firewalls I have

allow-recursion { extranet; };

where "extranet" is an "acl" I define myself (as opposed to the built-in "acl"s
like "localnets").

By the way, you should upgrade to at least BIND 8.2.3 because of the security
vulnerability that was just fixed.

- Kevin

2. Initializing Static Constants in Shared Libraries

3. Software tester

4. RPC TOOLS---Analysis

5. how to make pushbuttons check the state of a togglebutton

6. ANNOUNCE: New free Newsletter - Win Free NetWare NDS/MS tools

7. multiple Boot

8. Scanning/Reporting tool

9. Tool to Scan network

10. new scanning tool

11. tool required to scan DHCP LAN