Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: Renaud Deraison (deraison@nessus.org)
Date: 03/19/03
Date: Wed, 19 Mar 2003 01:30:04 +0100
From: Renaud Deraison <deraison@nessus.org>
To: pen-test@securityfocus.com

On Tue, Mar 18, 2003 at 02:38:45PM -0800, Royans Tharakan wrote:
> Did anyone try this out?
Yes. See the comments at the top of the plugin for the tests and their
results.
> Someone said that OWA is not at risk so we are not patching it for webdav.
> I tried using this code (wrote it again in Perl) but it doesn't work against any
> SP3 server.
Maybe you did not rewrite it properly - if you're not familiar with
NASL, I'd not be surprised.
The trick is simply to send a long argument to any web-dav related
command. Therefore SEARCH /AAAAA[...]AAA HTTP/1.1 should work.
Be sure to have the "too long buffer" be made of 65535 chars _exactly_.
-- Renaud
-- Renaud Deraison The Nessus Project http://www.nessus.org
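
The request shape described in the message above (a WebDAV method carrying an overlong request target) is easy to spot in request logs. The following is an added example, not part of the original post or of the Nessus plugin; the threshold, the filler ratio and the sample request lines are assumptions constructed for illustration.

```python
from collections import Counter

# RFC 2518 methods plus SEARCH, the method named in the post.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
URI_LIMIT = 2048     # assumed alert threshold; tune to your longest legitimate path
FILLER_RATIO = 0.9   # assumed: one character dominating the target means padding

def parse_request_line(line):
    """Split 'METHOD target HTTP/x.y' into (method, target); None if malformed."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return parts[0].upper(), parts[1]

def filler_ratio(target):
    """Fraction of the target occupied by its single most common character."""
    return max(Counter(target).values()) / len(target) if target else 0.0

def classify(line):
    parsed = parse_request_line(line)
    if parsed is None:
        return "malformed"
    method, target = parsed
    if method not in WEBDAV_METHODS:
        return "ignore"              # not handled by the WebDAV component
    if len(target) < URI_LIMIT:
        return "ok"
    # Long target on a WebDAV verb: separate padding from merely long paths.
    return "alert-filler" if filler_ratio(target) >= FILLER_RATIO else "alert-long"

def scan(lines):
    """Return (line number, method, verdict) for every request that alerts."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict.startswith("alert"):
            hits.append((n, line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample request lines; lengths chosen only to cross URI_LIMIT.
SAMPLE = [
    "GET /index.html HTTP/1.1",
    "PROPFIND /docs/ HTTP/1.1",
    "SEARCH /" + "A" * 4000 + " HTTP/1.1",
    "PROPFIND /" + "abcdefghij" * 300 + " HTTP/1.1",
    "LOCK /a",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
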