Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS SMB zero-day?

Published: 2006-05-25
Last Updated: 2006-05-25 19:49:18 UTC
by Erik Fichtner (Version: 2)
0 comment(s)
Update 19:40UTC :  It was all a series of unfortunate events.  FrSIRT has pulled their incorrect advisory related to the upcoming release of an exploit for MS05-011 in the next ImmunityInc CANVAS release. 

Thanks to everyone involved in tracking down the information.


Quite a few people have written in to give us a heads-up on ,which references an email on the DailyDave list:

At this time, it is unclear what, if anything, is the issue. This may be as simple as the GREENAPPLE tool, which exploited the vulnerability found in MS05-011, being released in next month's CANVAS update.  Or, this may be a new variant of the same. Or, this might be something entirely different. Or, this may be nothing at all.

Personally, I don't think there's anything to this other than what the message on DailyDave says: "Sinan Eren wrote a working version of GREENAPPLE, a remote kernel overflow in SMB for Windows 2000.  It's available now to Immunity Partners, but it will be in the June Immunity CANVAS release, which will be interesting."

0 comment(s)
Diary Archives