> -----Original Message-----
> From: Robert Banniza [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, July 29, 2003 11:26 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)
> 
> 
> Just received this from ISS minutes ago...Another RPC 
> vulnerability scanning tool:
> 
>http://www.iss.net/support/product_utilities/ms03-026rpc.php
>
>Couple things we have noticed....
>
>1) OS identification is pretty much hit and miss
>2) We have seen where XP SP1 unpatched doesn't show vulnerable 
>(this patch was previously installed and then un-installed.) 
>However, machine is confirmed vulnerable.

I did a simple comparison of the two tools on one VLAN.  They both found
the same hosts and they both agreed on which were patched and which were
not patched.

>Anyone else know what the last column of the output means? 
>i.e. '5.6' or '0.0'?

I didn't see anything on their site explaining what those numbers mean
and both patched and vulnerable machines produced both numbers, so I
have no idea what they mean.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
