RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: Royans Tharakan (RTharakan@ingenuity.com)
Date: 03/18/03
- Previous message: the1@unixclan.net: "RE: command-line reverse connection tunnel?"
- Maybe in reply to: Gary O'leary-Steele: "Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Next in thread: Renaud Deraison: "Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Reply: Renaud Deraison: "Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Reply: Rob Shein: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Mar 2003 14:38:45 -0800 From: "Royans Tharakan" <RTharakan@ingenuity.com> To: "Nicolas Gregoire" <ngregoire@exaprobe.com>, "Gary O'leary-Steele" <garyo@sec-1.com>
Did any one try this out ?
Someone said that OWA is not at risk so we are not patching it for webdav.
I tried using this code (wrote again perl) but it doesn't work against any
SP3 server.
How sure are you that this works ? I can send the perl version of this
code to anyone intrested in debugging this analysis tool.
rkt
-----Original Message-----
From: Nicolas Gregoire [mailto:ngregoire@exaprobe.com]
Sent: Tuesday, March 18, 2003 12:26 PM
To: Gary O'leary-Steele
Cc: pen-test@securityfocus.com
Subject: Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
> I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
> Buffer Overflow Vulnerability. However I don't have enough information about
> the vulnerability, e.g. which webdav component is vulnerable, how it is
> exploited i.e. where does the large string need to be to cause the overrun.
> I don't know webdav but if i get enough information about the request i need
> to send to the web server to cause a crash I will write some exploit code
> (in perl) and share with the community.
You could give a look to the related Nessus plugin :
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl
Regards,
-- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F ---------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
- Previous message: the1@unixclan.net: "RE: command-line reverse connection tunnel?"
- Maybe in reply to: Gary O'leary-Steele: "Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Next in thread: Renaud Deraison: "Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Reply: Renaud Deraison: "Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Reply: Rob Shein: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
