Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-05-25 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS SMB zero-day?

Published: 2006-05-25
Last Updated: 2006-05-25 19:49:18 UTC
by Erik Fichtner (Version: 2)
0 comment(s)
Update 19:40UTC :  It was all a series of unfortunate events.  FrSIRT has pulled their incorrect advisory related to the upcoming release of an exploit for MS05-011 in the next ImmunityInc CANVAS release. 

Thanks to everyone involved in tracking down the information.

--

Quite a few people have written in to give us a heads-up on http://www.frsirt.com/english/advisories/2006/1976 ,which references an email on the DailyDave list: http://lists.immunitysec.com/pipermail/dailydave/2006-May/003226.html

At this time, it is unclear what, if anything, is the issue. This may be as simple as the GREENAPPLE tool, which exploited the vulnerability found in MS05-011, being released in next month's CANVAS update.  Or, this may be a new variant of the same. Or, this might be something entirely different. Or, this may be nothing at all.

Personally, I don't think there's anything to this other than what the message on DailyDave says: "Sinan Eren wrote a working version of GREENAPPLE, a remote kernel overflow in SMB for Windows 2000.  It's available now to Immunity Partners, but it will be in the June Immunity CANVAS release, which will be interesting."

Keywords:
0 comment(s)
Diary Archives