Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Nicolas Gregoire (ngregoire@exaprobe.com)
Date: 03/18/03

  • Next message: the1@unixclan.net: "RE: command-line reverse connection tunnel?"
    From: Nicolas Gregoire <ngregoire@exaprobe.com>
    To: Gary O'leary-Steele <garyo@sec-1.com>
    Date: 18 Mar 2003 21:25:36 +0100
    
    
    

    > I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
    > Buffer Overflow Vulnerability. However I don't have enough information about
    > the vulnerability, e.g. which webdav component is vulnerable, how it is
    > exploited i.e. where does the large string need to be to cause the overrun.
    > I don't know webdav but if i get enough information about the request i need
    > to send to the web server to cause a crash I will write some exploit code
    > (in perl) and share with the community.

    You could give a look to the related Nessus plugin :
    http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl

    Regards,

    -- 
    Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
    ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
    PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
    
    



  • Next message: the1@unixclan.net: "RE: command-line reverse connection tunnel?"