[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
- Subject: RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
- From: "Graeme Fowler" <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Tue, 12 Aug 2003 18:44:55 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 12 August 2003 18:22, Rex Gaylord wrote:
> Is anybody else getting attacks on Port 135 that is related to this
> new virus and do you know if we are vulnerable. It looks like it only
> infects windows machines to me so far?
1. Yes
2. No [see below]
3. Indeed, it is another worm exploiting another vulnerability in the
underlying Windows subsystems (this time it's the RPC subsystem, crucial
to normal operation).
[note]
If you're running a publically-accessible Samba server (on a Qube, for
example), it _might_ cause a local service DoS if it manages to make the
daemon crash. It won't, however, exploit it since the hole is in
Windows, not Samba, code.
Graeme