RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Noonan, Wesley (Wesley_Noonan@bmc.com)
Date: 03/19/03

    From: "Noonan, Wesley" <Wesley_Noonan@bmc.com>
    To: "'Royans Tharakan'" <RTharakan@ingenuity.com>, Sarah Kenna Groark <sarah@procinct.com>, Nicolas Gregoire <ngregoire@exaprobe.com>, "Gary O'leary-Steele" <garyo@sec-1.com>
    Date: Wed, 19 Mar 2003 11:05:34 -0600
    
    

    In terms of stability, MS has added the following warning to the bulletin:

    "Warning If you are running Windows 2000 Service Pack 2 (SP2), you must
    check the version of Ntoskrnl.exe on your computer before you install this
    update. To do this:
    Open the %Windir%\System32 folder.
    Right-click the Ntoskrnl.exe file, click Properties, and then click the
    Version tab.
    Versions of Ntoskrnl.exe from 5.0.2195.4797 to 5.0.2195.4928 are not
    compatible with this update. These versions were distributed only with
    Microsoft Product Support Services hotfixes. If you install the update that
    is described in this article on a computer with an Ntoskrnl.exe version from
    5.0.2195.4797 to 5.0.2195.4928, the computer stops responding with a "Stop
    0x00000071" message when you restart the computer. If this occurs, you must
    recover the Windows installation by using Windows 2000 Recovery Console and
    the backup copy of the Ntdll.dll file that is stored in the
    Winnt\$NTUninstallQ815021$ folder"

    The full details are located here:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q815021&sd=tech

    I feel for the folks who blue-screened the production servers they may
    have attempted to patch... Fortunately, we caught it on test systems first.

    HTH

    Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
    Senior QA Rep.
    BMC Software, Inc.
    (713) 918-2412
    wnoonan@bmc.com
    http://www.bmc.com
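
The version check from the quoted bulletin, as an added example that is not part of the original message or of Microsoft's bulletin: it reads the file version from a copy of Ntoskrnl.exe (for instance one pulled from each server before patching) and compares it numerically against the incompatible range. The function names and the sample bytes are constructed for illustration; the range is the one quoted above.

```python
import struct

# Incompatible Ntoskrnl.exe range from the bulletin text quoted above (inclusive).
BAD_LOW = (5, 0, 2195, 4797)
BAD_HIGH = (5, 0, 2195, 4928)
# A PE version resource holds a VS_FIXEDFILEINFO that starts with this signature.
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)

def parse_version(text):
    """Turn '5.0.2195.4850' into a tuple so parts compare as numbers, not strings."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4 or any(not 0 <= p <= 0xFFFF for p in parts):
        raise ValueError("expected four 16-bit parts: %r" % text)
    return parts

def file_version(pe_bytes):
    """Return the file version from the first valid VS_FIXEDFILEINFO, or None."""
    pos = pe_bytes.find(FFI_SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(pe_bytes):
            _sig, struc_ver, ms, ls = struct.unpack_from("<IIII", pe_bytes, pos)
            if struc_ver == 0x00010000:  # dwStrucVersion; rejects chance matches
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = pe_bytes.find(FFI_SIGNATURE, pos + 1)
    return None

def blocks_update(version):
    """True when the kernel version falls in the range the bulletin warns about."""
    return BAD_LOW <= version <= BAD_HIGH

def sample_image(version):
    """Constructed stand-in for a kernel image: padding plus a version header."""
    a, b, c, d = version
    ffi = struct.pack("<IIII", 0xFEEF04BD, 0x00010000, (a << 16) | b, (c << 16) | d)
    return b"MZ" + b"\x00" * 64 + ffi

if __name__ == "__main__":
    # Constructed versions; on a real copy use open(path, "rb").read() instead.
    for v in ((5, 0, 2195, 4850), (5, 0, 2195, 5438)):
        found = file_version(sample_image(v))
        print(".".join(map(str, found)), "HOLD" if blocks_update(found) else "ok")
```
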

    > -----Original Message-----
    > From: Royans Tharakan [mailto:RTharakan@ingenuity.com]
    > Sent: Tuesday, March 18, 2003 22:02
    > To: Sarah Kenna Groark; Nicolas Gregoire; Gary O'leary-Steele
    > Cc: pen-test@securityfocus.com
    > Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
    >
    > I checked this out. SANS had an emergency webcast this morning
    > in which a lot of security engineers reviewed this bug. A few Microsoft
    > guys were there who confirmed that OWA uses its own version of WEBDAV
    > which overrides the version which is installed by the OS.
    > They said the version of WEBDAV in OWA is not vulnerable to this exploit.
    >
    > However, I'm still hunting for an exploit to test it. Obviously we don't
    > want to upgrade OWA if it can be avoided. We don't know how stable the
    > patch is at this point.
    >
    > rkt
    >
    > -----Original Message-----
    > From: Sarah Kenna Groark [mailto:sarah@procinct.com]
    > Sent: Tuesday, March 18, 2003 4:35 PM
    > To: Royans Tharakan; Nicolas Gregoire; Gary O'leary-Steele
    > Cc: pen-test@securityfocus.com
    > Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
    >
    >
    >
    > >Someone said that OWA is not at risk so we are not patching it for
    > webdav.
    >
    > Is there a definitive statement on this somewhere? I am trying to track
    > down for a client whether OWA is vulnerable to this and unfortunately do
    > not have an environment where I can test it myself at the moment.
    >
    > Any info much appreciated.
    >
    > Take care,
    > // Sarah
    >
    >