RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Rob Shein (shoten@starpower.net)
Date: 03/19/03

    From: "Rob Shein" <shoten@starpower.net>
    To: "'Royans Tharakan'" <RTharakan@ingenuity.com>, "'Nicolas Gregoire'" <ngregoire@exaprobe.com>, "'Gary O'leary-Steele'" <garyo@sec-1.com>
    Date: Tue, 18 Mar 2003 19:39:06 -0500
    
    

    I wouldn't be so sure that you're safe just because you're using OWA. If I
    understand correctly, this is a server vulnerability of IIS, not an
    application vulnerability of something like OWA which runs on IIS.

    > -----Original Message-----
    > From: Royans Tharakan [mailto:RTharakan@ingenuity.com]
    > Sent: Tuesday, March 18, 2003 5:39 PM
    > To: Nicolas Gregoire; Gary O'leary-Steele
    > Cc: pen-test@securityfocus.com
    > Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow
    > Vulnerability
    >
    >
    > Did anyone try this out?
    >
    > Someone said that OWA is not at risk so we are not patching
    > it for webdav. I tried using this code (wrote again perl) but
    > it doesn't work against any SP3 server.
    >
    > How sure are you that this works? I can send the perl
    > version of this code to anyone interested in debugging this
    > analysis tool.
    >
    > rkt
    >
    > -----Original Message-----
    > From: Nicolas Gregoire [mailto:ngregoire@exaprobe.com]
    > Sent: Tuesday, March 18, 2003 12:26 PM
    > To: Gary O'leary-Steele
    > Cc: pen-test@securityfocus.com
    > Subject: Re: Microsoft Windows 2000 WebDAV Buffer Overflow
    > Vulnerability
    >
    >
    >
    > > I am planning to write exploit code for the Microsoft Windows 2000
    > > WebDAV Buffer Overflow Vulnerability. However, I don't have enough
    > > information about the vulnerability, e.g. which webdav component is
    > > vulnerable, how it is exploited, i.e. where does the large string need
    > > to be to cause the overrun. I don't know webdav but if I get enough
    > > information about the request I need to send to the web server to
    > > cause a crash I will write some exploit code (in perl) and share with
    > > the community.
    >
    > You could give a look to the related Nessus plugin:
    > http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl
    >
    > Regards,
    >
    > -- 
    > Nicolas Gregoire ----- Information Systems Security Consultant
    > ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP
    > KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
    ----------------------------------------------------------------------------
    Did you know that you have VNC running on your network? 
    Your hacker does. Plug your security holes now! 
    Download a free 15-day trial of VAM:
    http://www2.stillsecure.com/download/sf_vuln_list.html
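Rob's point is that the flaw sits in IIS's WebDAV handling, so an OWA front end running on IIS is exposed too, and Gary describes the trigger as a large string somewhere in the request. As an added example that is not part of this thread or of any of the posters' code, here is a small Python script that scans IIS W3C extended log lines for WebDAV methods carrying an unusually long URI; the sample log lines, the 4096-byte threshold and the field layout are constructed assumptions, not values from the advisory.

```python
# Scan IIS W3C extended log text for WebDAV requests with oversized URIs.
# Constructed example: the log content and threshold below are assumptions.

# Methods IIS 5.0 handles through its WebDAV component when WebDAV is enabled.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}

# Constructed sample log: a '#Fields:' directive names the columns, values are
# single-space separated (IIS replaces spaces inside values with '+').
SAMPLE_LOG = (
    "#Software: Microsoft Internet Information Services 5.0\n"
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)\n"
    "2003-03-18 22:15:01 10.0.0.5 GET /exchange/ 200 Mozilla/4.0\n"
    "2003-03-18 22:15:02 10.0.0.5 PROPFIND /exchange/inbox 207 Mozilla/4.0\n"
    "2003-03-18 22:16:10 10.0.0.9 SEARCH /" + "A" * 70000 + " 500 -\n"
)


def parse_w3c(text):
    """Parse W3C extended log text into one dict per request line."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if line.startswith("#") or not line.strip():
            continue                    # other directives and blank lines
        if fields is None:
            raise ValueError("log has no #Fields directive before data")
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # malformed line: skip rather than guess
        records.append(dict(zip(fields, values)))
    return records


def flag_webdav(records, max_uri_len=4096):
    """Return records that use a WebDAV method AND carry a URI over the limit."""
    hits = []
    for r in records:
        method = r.get("cs-method", "").upper()
        uri = r.get("cs-uri-stem", "")
        if method in WEBDAV_METHODS and len(uri) > max_uri_len:
            hits.append({"time": r["date"] + " " + r["time"], "ip": r["c-ip"],
                         "method": method, "uri_len": len(uri),
                         "status": r.get("sc-status")})
    return hits


if __name__ == "__main__":
    for hit in flag_webdav(parse_w3c(SAMPLE_LOG)):
        print(hit)
```

Ordinary OWA traffic uses short PROPFIND URIs and is not flagged; only the constructed SEARCH line with a 70001-byte URI is reported.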