Re: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

From: InterceptiX Security (security@interceptix.com)
Date: 04/13/02

• Previous message: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• In reply to: dullien@gmx.de: "Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Next in thread: Brett Moore: "Testing Of Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Next in thread: incubus: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "InterceptiX Security" <security@interceptix.com>
To: <dullien@gmx.de>, "MadHat" <madhat@unspecific.com>
Date: Sat, 13 Apr 2002 01:52:10 +0300

Does the IIS server have to have the file iisstart.asp in order for the
exploit to work?

or is this just an asp call to prepare the heap

----- Original Message -----
From: <dullien@gmx.de>
To: "MadHat" <madhat@unspecific.com>
Cc: "Erik Parker" <eparker@mindsec.com>; "'Marc Maiffret'" <marc@eeye.com>;
"Vuln-Dev" <vuln-dev@securityfocus.com>
Sent: Friday, April 12, 2002 8:25 PM
Subject: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

> Hey all,
>
> M> I have not been able to reproduce these results. I have managed to
lock
> M> up IIS (IIS 5.0 with all patches pre Apr 1, 2002), but no popup
messages
> M> appear and no entries in the Application Log. I have also been able
get
> M> the 100 Continue message (IIS 4.0 all patches pre Apr 1, 2002), but
> M> still no popup or messages.
>
> rule of thumb : It locks up <==> Heap is corrupted <==> vulnerable
>
> Cheers,
> dullien@gmx.de
>
> --
> Mit freundlichen Grüssen
> dullien@gmx.de mailto:dullien@gmx.de
>

---

• Previous message: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• In reply to: dullien@gmx.de: "Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Next in thread: Brett Moore: "Testing Of Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Next in thread: incubus: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Form post not passing data to ASP??? ... > I have IIS server installed on XP-pro. ... I also have Norton Internet ... > I can run simple ASP programs without any problem. ... Actually, technically speaking, this is a mixture of html and ASP code. ... (microsoft.public.inetserver.asp.db) Problem with IIS Server Using ASP ... We're having a problem with IIS6 on a Windows 2003 Server. ... We have an ASP ... DLL, which inserts some data into a database. ... As I said, this worked fine on W2000 IIS Server, so if anyone has come ... (microsoft.public.inetserver.iis.activeserverpages) Form post not passing data to ASP??? ... I have IIS server installed on XP-pro. ... I can run simple ASP programs without any problem. ... (microsoft.public.inetserver.asp.db) Form post not passing data to ASP??? ... I have IIS server installed on XP-pro. ... I can run simple ASP programs without any problem. ... (microsoft.public.inetserver.iis.activeserverpages) Form post not passing data to ASP??? ... I have IIS server installed on XP-pro. ... I can run simple ASP programs without any problem. ... (microsoft.public.inetserver.iis.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-04