<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2730.1700" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=553291203-11092003><FONT face=Arial color=#0000ff size=2>Seems
guys you are mistaking. Here is the NSfocus advisory. In fact they found (as the
M$ advisory is not clear on the subject) the 2nd BoF(<A
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0528"><FONT
face="Times New Roman" size=3>CAN-2003-0528</FONT></A>) and not the DoS.
The one you are talking of is an old (few weeks) vulnerability related to
MS03-026 found by Ben Jurry.</FONT></SPAN></DIV>
<DIV><SPAN class=553291203-11092003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=553291203-11092003><FONT face=Arial color=#0000ff size=2><A
href="http://www.nsfocus.com/english/homepage/research/0306.htm">http://www.nsfocus.com/english/homepage/research/0306.htm</A></FONT></SPAN></DIV>
<DIV><SPAN class=553291203-11092003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=553291203-11092003>
<DIV class=Section1>
<P class=MsoNormal style="LINE-HEIGHT: 12pt; mso-line-height-rule: exactly">Reda
Zitouni</P>
<P class=MsoNormal
style="LINE-HEIGHT: 12pt; mso-line-height-rule: exactly">Security Engineer</P>
<P class=MsoNormal
style="LINE-HEIGHT: 12pt; mso-line-height-rule: exactly">VIGILANTe - France</P>
<P class=MsoNormal style="LINE-HEIGHT: 12pt; mso-line-height-rule: exactly"><A
title=http://www.vigilante.com/ href="outbind://157/BLOCKED"><SPAN
style="FONT-SIZE: 10pt">http://www.VIGILANTe.com</SPAN></A></P>
<P class=MsoNormal
style="LINE-HEIGHT: 12pt; mso-line-height-rule: exactly"> </P></DIV></SPAN></DIV>
<DIV><BR><BR></DIV>
<DIV class=OutlookMessageHeader lang=fr dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>De :</B> Exibar [mailto:exibar@thelair.com]
<BR><B>Envoyé :</B> jeudi 11 septembre 2003 01:58<BR><B>À :</B> Elv1S;
full-disclosure@lists.netsys.com<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=915375623-10092003><FONT face=Arial
color=#0000ff size=2>Sure looks that way, especially with the 7/21 datestamp for
the directory and in the page name :-)</FONT></SPAN></DIV>
<DIV><SPAN class=915375623-10092003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=915375623-10092003><FONT face=Arial color=#0000ff size=2>
It's *very* unlikely that we see a worm that acts on the DoS vuln, it's just too
much work. The BoF's are the ones that has my attention and need to patch
urgently.</FONT></SPAN></DIV>
<DIV><SPAN class=915375623-10092003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=915375623-10092003><FONT face=Arial color=#0000ff size=2>
Exibar</FONT></SPAN></DIV>
<BLOCKQUOTE>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]<B>On Behalf Of
</B>Elv1S<BR><B>Sent:</B> Wednesday, September 10, 2003 6:49 PM<BR><B>To:</B>
full-disclosure@lists.netsys.com<BR><B>Subject:</B> [inbox] [Full-Disclosure]
Re: MS03-039 has been released (DoS) sploit ?<BR><BR></FONT></DIV>
<DIV>
<DIV>thinkin' that they talking about the xfocus sploit public since 07-21 ?
for the DoS vuln MS03-032</DIV>
<DIV> </DIV>
<DIV>true or not ?</DIV>
<DIV> </DIV>
<DIV><A
href="http://www.k-otik.com/exploits/07.21.win2kdos.c.php">http://www.k-otik.com/exploits/07.21.win2kdos.c.php</A></DIV>
<DIV><BR><BR><B><I>Mike Tancsa <mike@sentex.net></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"><BR>http://xforce.iss.net/xforce/alerts/id/152
says,<BR><BR>"The new DoS vulnerability was disclosed by a hacking group in
China on<BR>July 25, 2003, and functional exploit code is already in use on
the<BR>Internet. "<BR><BR>---Mike<BR><BR><BR>At 01:41 PM 10/09/2003, Exibar
wrote:<BR>>anyone know of a 'sploit for this one yet? Or even proof of
concept code?<BR>><BR>><BR>>----- Original Message
-----<BR>>From: "Ryan, Pete" <PETE.RYAN@THOMSON.COM><BR>>To:
<FULL-DISCLOSURE@LISTS.NETSYS.COM><BR>>Sent: Wednesday, September 10,
2003 12:23 PM<BR>>Subject: [Full-Disclosure] MS03-039 has been released -
critical<BR>><BR>><BR>> ><BR>>
><BR>>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/<BR>>
> bulletin/MS03-039.asp<BR>> ><BR>> > -Pete<BR>>
><BR>> > _______________________________________________<BR>>
> Full-Disclosure - We believe in it.<BR>> > Charter:
http://lists.netsys.com/full-disclosure-charter.html<BR>><BR>>_______________________________________________<BR>>Full-Disclosure
- We believe in it.<BR>>Charter:
http://lists.netsys.com/full-disclosure-charter.html<BR><BR>_______________________________________________<BR>Full-Disclosure
- We believe in it.<BR>Charter:
http://lists.netsys.com/full-disclosure-charter.html</BLOCKQUOTE></DIV>
<P>
<HR SIZE=1>
Do you Yahoo!?<BR><A
href="http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com">Yahoo!
SiteBuilder</A> - Free, easy-to-use web site design
software</BLOCKQUOTE></BODY></HTML>