Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Gary O'leary-Steele (garyo@sec-1.com)
Date: 03/18/03

    From: "Gary O'leary-Steele" <garyo@sec-1.com>
    To: <pen-test@securityfocus.com>
    Date: Tue, 18 Mar 2003 10:05:30 -0000
    
    

    Hi all,

    I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
    Buffer Overflow Vulnerability. However, I don't have enough information about
    the vulnerability, e.g. which WebDAV component is vulnerable and how it is
    exploited, i.e. where the large string needs to be to cause the overrun.
    I don't know WebDAV, but if I get enough information about the request I need
    to send to the web server to cause a crash, I will write some exploit code
    (in Perl) and share it with the community.

    Any help is greatly appreciated.

    Thanks in advance.

    Regards,
    Gary O'leary-Steele
    Sec-1 Ltd
