Re: CR II - winME? confirmation? (Slightly OT)
From: Thor@HammerofGod.com
Date: 08/09/01
- Previous message: sween: "Re: Winnt/Win2k Vuln ?"
- In reply to: Inman, Carey: "RE: CR II - winME? confirmation? (Slightly OT)"
- Next in thread: Jonathan Rickman: "RE: CR II - winME? confirmation? (Slightly OT)"
- Next in thread: William T. Barrett: "RE: CR II - winME? confirmation? (Slightly OT)"
From: Thor@HammerofGod.com
To: Inman@nasirc.nasa.gov, meritt_james@bah.com, kam@aversion.net
Message-ID: <02cc01c1210e$4df1de40$af05a8c0@anchorsign.com>
Subject: Re: CR II - winME? confirmation? (Slightly OT)
Date: Thu, 9 Aug 2001 13:02:46 -0700
The full quote is:
"As a result, even though idq.dll is a component of Index Server/Indexing
Service, the service would not need to be running in order for an attacker
to exploit the vulnerability. "
The Index Service does not need to be running. IIS _has_ to parse the
request and map it to the extension for it to be exploited.
hth
AD
----- Original Message -----
From: "Inman, Carey" <Inman@nasirc.nasa.gov>
To: "'Meritt James'" <meritt_james@bah.com>; "kam" <kam@aversion.net>
Cc: "Amer Karim" <amerk@telus.net>; "VULN-DEV List" <VULN-DEV@securityfocus.com>
Sent: Wednesday, August 08, 2001 10:32 AM
Subject: RE: CR II - winME? confirmation? (Slightly OT)
> Hi,
>
> I would like to offer a quote from MS01-033:
>
> "the service would not need to be running in order for an attacker to
> exploit the vulnerability."
>
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
>
> Carey
>
>
>
> -----Original Message-----
> From: Meritt James [mailto:meritt_james@bah.com]
> Sent: Wednesday, August 08, 2001 9:28 AM
> To: kam
> Cc: Amer Karim; VULN-DEV List
> Subject: Re: CR II - winME? confirmation? (Slightly OT)
>
>
> "running" or "installed"? It is my understanding that the vulnerability
> exists if the files and mapping are there no matter the process state of
> the IIS server. Is my understanding incorrect?
>
> Jim
>
> kam wrote:
> >
> > Without IIS running, an attacker has no means of exploiting the vulnerable
> > file. With no access to the file, the vulnerability does not exist. If
> > they're running IIS, then there is a hole which they can exploit. Even
> > though it comes installed by default on 2000, it's not a risk until you turn
> > on your web services.
> >
> > kam
> >
> > ----- Original Message -----
> > From: "Amer Karim" <amerk@telus.net>
> > To: "VULN-DEV List" <VULN-DEV@SECURITYFOCUS.COM>
> > Sent: Tuesday, August 07, 2001 10:03 AM
> > Subject: Re: CR II - winME? confirmation? (Slightly OT)
> >
> > > Hi All,
> > >
> > > All the advisories about CR state that only IIS servers are vulnerable.
> > > However, it's my understanding that the unchecked buffer in idq.dll was the
> > > source of that vulnerability. If that's the case, then why have the
> > > advisories not included Win2K systems (all flavours) since idq.dll is
> > > installed by default as part of the indexing service on all these systems -
> > > regardless of whether they are using the service or not? Wouldn't that make
> > > ANY system with the indexing service on it just as vulnerable as systems
> > > with IIS? Am I overlooking something obvious here?
> > >
> > > Regards,
> > > Amer Karim
> > > Nautilis Information Systems
> > > e-mail: amerk@telus.net, mamerk@hotmail.com
> > >
> > >
> > >
>
> --
> James W. Meritt, CISSP, CISA
> Booz, Allen & Hamilton
> phone: (410) 684-6566