Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: MS SMB zero-day? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS SMB zero-day?
Quite a few people have written in to give us a heads-up on
http://www.frsirt.com/english/advisories/2006/1976 ,
which references an email on the DailyDave list:
http://lists.immunitysec.com/pipermail/dailydave/2006-May/003226.html

At this time, it is unclear what, if anything, is the issue.
This may be as simple as the GREENAPPLE tool, which exploited
the vulnerability found in MS05-011, being released in next
month's CANVAS update. Or, this may be a new variant of the
same. Or, this might be something entirely different.
Or, this may be nothing at all.

Personally, I don't think there's anything to this other than
what the message on DailyDave says: "Sinan Eren wrote a
working version of GREENAPPLE,
a remote kernel overflow in SMB
for Windows 2000. It's available now to Immunity
Partners, but
it will be in the June Immunity CANVAS release, which

will be interesting."


Erik

21 Posts

Sign Up for Free or Log In to start participating in the conversation!