RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Curt Purdy (purdy@tecman.com)
Date: 03/19/03

    From: "Curt Purdy" <purdy@tecman.com>
    To: "'Nicolas Gregoire'" <ngregoire@exaprobe.com>, "'Gary O'leary-Steele'" <garyo@sec-1.com>
    Date: Tue, 18 Mar 2003 17:39:36 -0600
    
    

    It is actually ntdll.dll used by webdav in W2K that is the problem.

    Curt Purdy CISSP, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke

    -----Original Message-----
    From: Nicolas Gregoire [mailto:ngregoire@exaprobe.com]
    Sent: Tuesday, March 18, 2003 2:26 PM
    To: Gary O'leary-Steele
    Cc: pen-test@securityfocus.com
    Subject: Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

    > I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
    > Buffer Overflow Vulnerability. However I don't have enough information about
    > the vulnerability, e.g. which webdav component is vulnerable, how it is
    > exploited i.e. where does the large string need to be to cause the overrun.
    > I don't know webdav but if I get enough information about the request I need
    > to send to the web server to cause a crash I will write some exploit code
    > (in perl) and share with the community.

    You could take a look at the related Nessus plugin:
    http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl

    Regards,

    --
    Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
    ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
    PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
    
