Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] LLSSRV Clarifications [Immunity]

from [Dave Aitel] Network Security [Permanent Link]
Subject: [VulnWatch] LLSSRV Clarifications [Immunity]
Date: Wed, 16 Mar 2005 17:08:39 -0500
Immunity is happy to announce the release from VSC of a new paper to our public website regarding the technical details of the llssrv vulnerability Microsoft released on February 8th, 2005. Along with this paper, we've released a reliable, language-independant exploit to the CANVAS distribution.

As stated in MS05-010, LLSSRV is not remotely exploitable on Windows 2000 Server SP3 and 4 without authentication. However, it is remotely exploitable in Windows 2000 Advanced Server SP 3 and 4 without authentication. This information, missing from MS05-010, is a perfect example as to why fully independant third party security information and exploit code provide a key link in an organization's ability to understand and evaluate the risk posted by vulnerabilities.

Further details, vulnerability release scheduling, and other information are available here:
http://www.immunitysec.com/resources-advisories.shtml

Thanks,
Dave Aitel
Immunity, Inc.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] LLSSRV Clarifications [Immunity], Dave Aitel <=
Previous by Date:  iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities, iDEFENSE Labs
Next by Date:  [VulnWatch] LLSSRV Redux, Dave Aitel
Previous by Thread:  iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities, iDEFENSE Labs
Next by Thread:  [VulnWatch] LLSSRV Redux, Dave Aitel
Indexes:  [Date] [Thread] [Top] [All Lists]