Re: [VulnWatch] CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities

From: wirepair (wirepair_at_roguemail.net)
Date: 10/13/04

    To: CORE Security Technologies Advisories <advisories@coresecurity.com>, Bugtraq <bugtraq@securityfocus.com>, NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM, Vulnwatch <vulnwatch@vulnwatch.org>
    Date: Tue, 12 Oct 2004 16:43:38 -0800
    
    

    You missed the SEARCH IN <request> vector. I believe it calls the same heap alloc from STATXMEM.dll.
    I was having some issues with the string becoming unicoded, but just yesterday I got an ASCII overwrite
    (in the debugger only tho :/). Oh well, looks like you snuffed the bug I was
    working on in the process :). Obviously MS fixed this bug in the recent patch. Another thing to note,
    when requesting ('s I noticed that an internal function was matching my ( with a ) since they were using
    lstrcpy it totally smashed the heap structures when it became unicode'd. But they appeared to fix that as well.
    -wire

    On Tue, 12 Oct 2004 15:48:49 -0300
      CORE Security Technologies Advisories <advisories@coresecurity.com> wrote:
    > Core Security Technologies Advisory
    > http://www.coresecurity.com
    >
    > IIS NNTP Service XPAT Command Vulnerabilities
    >
    >
    >
