From: Mike.Lang@uconn.edu
Date: Thu Sep 11 2003 - 14:21:06 CDT
It took all morning but worth the wait...
Hi all,
Here are two new Linux command-line scanners that you can use to find
hosts
that are vulnerable to both MS03-026 (old) and MS03-039 (new). If you are
using NetReg Scanner in your network you should upgrade to this latest
version as soon as is resonable. These scanners should now work as well
as
the recently updated Microsoft and EEye scanners.
rpcscan2.c - The new code you should use in your NetReg Scanner to
properly
detect hosts that are vulnerable to MS03-039. It returns results that
only
make sense to NetReg Scan (1 or 0). It should compile on most Linux
distros with the following command: gcc -o rpcscan2 rpcscan2.c
http://security.uconn.edu/netregscan/rpcscan2.c
rpcscan_range2.c - A command-line Linux scanner that accepts address
ranges
instead of just a single address. It is the fastest way we have found to
scan Class C size networks. It returns more human-readable results than
rpcscan2.c. It should compile on most Linux distros with the following
command: gcc -o rpcscan_range2 rpcscan_range2.c
http://security.uconn.edu/netregscan/rpcscan_range2.c
(We would love for someone to hack that to scan Class Bs.)
We have also updated the jumppage.cgi that is the heart of the NetReg
Scanner. It references the updated scanner to return proper results. It
is bundled with the rpcscan2.c into a single bzipped file.
http://security.uconn.edu/netregscan/jumppage.cgi.txt
http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2
If you have questions or comments about these tools please direct them to
security@uconn.edu. We tried to get them out as fast as possible, but we
also tried to test them fairly thoroughly.
Thanks to Mike Lang and Keith Bessette of the University of Connecticut,
Josh Richard of the University of Minnesota-Duluth, and anyone else I may
have missed.
Phil
PS - Nessus plugin ID 11835 should detect the new vulnerability if you are
using that:
http://cgi.nessus.org/plugins/dump.php3?id=11835
=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut
email: phil.rodrigues@uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:41 CDT