1. Its not even bad enough that people are not firewalling... they are not patching.
2. Yes there are proof of concept exploits out there for the vulnerability that Sapphire uses. One of those was by [EMAIL PROTECTED] You can check it out on: http://www.cnhonker.net/index.php http://www.cnhonker.net/Files/show.php?id=167 Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of Richard M. | Smith | Sent: Saturday, January 25, 2003 8:51 AM | To: 'Full-Disclosure'; 'Richard M. Smith' | Subject: [Full-Disclosure] A few quick questions about the SQL Sapphire | Worm | | | Hi, | | I have a few quick questions about this new SQL Sapphire worm: | | 1. The worm spreads via UDP port 1434. Shouldn't | all firewalls already be blocking this port? | | 2. Did anyone ever publish sample exploit code for the | MS02-039 security hole that the Sapphire worm uses? | If so, what's the URL for the sample code? | | Thanks, | Richard M. Smith | http://www.ComputerBytesMan.com | | _______________________________________________ | Full-Disclosure - We believe in it. | Charter: http://lists.netsys.com/full-disclosure-charter.html | _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html