Re: IIS HTR Exploit ?

From: Vitaly Osipov (witt@iol.ie)
Date: 06/20/02


From: "Vitaly Osipov" <witt@iol.ie>
To: <r00t@online.ie>
Date: Thu, 20 Jun 2002 18:57:40 +0100


----- Original Message -----
From: <r00t@online.ie>

>
> Please Please help ....
>
> Calling all b-hats, please pass me your BID:4855 IIS5.0 W2k exploits.

Heh, so that you can successfully charge your pen-test customers? :)

Speaking seriously, I think there is none at the time - heap overflows are
veeeeeeery difficult to exploit (compared to stack-related buffer overflows,
where there is an almost standard procedure). If anybody *does* have an
exploit code, they are probably folks from eEye and from NGS Software, who
discovered the vulnerability recently.

DoS thing would be much easier to accomplish I guess - it's much easier to
destroy heap structures blindly than trying to overwrite them on purpose...
One theoretical way of exploiting might be through structured exceptions
handling -
http://online.securityfocus.com/archive/82/277162/2002-06-17/2002-06-23/2

Regards,
Vitaly Osipov, CISSP etc :)

>
> Thank you kindly
>
> Mark
>
>
> Quoting Erik Birkholz <erik@foundstone.com>:
>
> > There are HTR exploits. Eeye has been droppin them since blackhat 1999; at
> > the Venetian (alarms and all)
> >
> > Ahhh the good ole days
> >
> > If you mean the new sploit, please specify the BID so we know what you are
> > talking about
> >
> > =-)
> >
> >
> > Erik Pace Birkholz, CISSP
> > Principal Consultant - FOUNDSTONE
> > 323 252 5916
> >
>
> --------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
