[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135

Subject: RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
From: "Graeme Fowler" <graeme.fowler@xxxxxxxxxxxxxx>
Date: Tue, 12 Aug 2003 18:44:55 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On 12 August 2003 18:22, Rex Gaylord wrote:
> Is anybody else getting attacks on Port 135 that is related to this
> new virus and do you know if we are vulnerable.  It looks like it only
> infects windows machines to me so far?

1. Yes
2. No [see below]
3. Indeed, it is another worm exploiting another vulnerability in the
underlying Windows subsystems (this time it's the RPC subsystem, crucial
to normal operation).

[note]
If you're running a publically-accessible Samba server (on a Qube, for
example), it _might_ cause a local service DoS if it manages to make the
daemon crash. It won't, however, exploit it since the hole is in
Windows, not Samba, code.

Graeme

Follow-Ups:
- RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
  - From: James Nesbitt \(IHQ Network\)

Prev by Date: Re: [cobalt-security] W32/Lovsan.worm Attacking Port 135
Next by Date: Re: [cobalt-security] test for echo
Previous by thread: Re: [cobalt-security] Blaster worm?
Next by thread: RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index