RE: Testing Of Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

From: Thor Larholm (Thor@jubii.dk)
Date: 04/13/02


From: Thor Larholm <Thor@jubii.dk>
To: 'Brett Moore ' <brett@softwarecreations.co.nz>, 'Vuln-Dev ' <vuln-dev@securityfocus.com>, "'incidents@securityfocus.com '" <incidents@securityfocus.com>, "'NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM '" <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Date: Sat, 13 Apr 2002 20:53:34 +0200


> From: Brett Moore
> Probably a more reliable and safe way of testing if this patch
> is installed or not, would be to test 1 of the css holes?

You could use the 404 CSS error to check if the server has the patch
installed. Make a request for some nonexistent page, e.g.
http://YOUR.TLD/3lkb54j6b4kjb6jk456bk45bk45jb, then read line 42 and
compare.

Not patched line 42:

        document.write( '<A HREF="' + escape(urlresult) + '">' + displayresult + "</a>");

Patched line 42:

        InsertElementAnchor(urlresult, displayresult);

Custom 404 page: Anything else. If they bothered to make a custom 404 page,
they probably also bothered to apply critical patches such as this one.

This is all demonstrated at http://jscript.dk/adv/TL001/, where a quick
survey of the "Simple" examples shows that hotmail.msn.com, passport.com and
lc2.law5.hotmail.passport.com are still unpatched. You may get different
results from testing, as they most likely run in a cluster.

Regards
Thor Larholm
Jubii A/S - Internet Programmer
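
The line-42 comparison described in the message above, written as a patch-status check for a server you administer. This is an added example, not part of the original post: the function names, the three result labels and the sample bodies are assumptions made here, while the probe path and the two line-42 strings are the ones quoted in the message.

```python
import urllib.error
import urllib.request

LINE_NO = 42  # line number named in the message
# Line 42 of the default IIS 404 page, as quoted in the message.
UNPATCHED_MARK = "document.write( '<A HREF=\"' + escape(urlresult)"
PATCHED_MARK = "InsertElementAnchor(urlresult, displayresult);"
PROBE_PATH = "/3lkb54j6b4kjb6jk456bk45bk45jb"  # nonexistent page from the message


def classify_404_body(body):
    """Return 'patched', 'unpatched' or 'custom' from line 42 of a 404 body."""
    lines = body.splitlines()  # handles both CRLF and LF line endings
    if len(lines) < LINE_NO:
        return "custom"  # too short to be the default error page
    # Collapse whitespace so indentation or re-wrapping does not matter.
    line = " ".join(lines[LINE_NO - 1].split())
    if line.startswith(PATCHED_MARK):
        return "patched"
    if line.startswith(UNPATCHED_MARK):
        return "unpatched"
    return "custom"  # "anything else" in the message


def fetch_404_body(base_url, timeout=10):
    """Request the nonexistent page and return the error page body."""
    url = base_url.rstrip("/") + PROBE_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("latin-1")
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        # urllib raises on 404; the error page is the exception's body.
        return err.read().decode("latin-1")


def constructed_body(line42):
    """Build a constructed 404 body with the given text on line 42."""
    return "\r\n".join(["<!-- filler -->"] * 41 + [line42, "</script>"])


if __name__ == "__main__":
    # Constructed samples, so the check runs offline.
    print(classify_404_body(constructed_body("        " + PATCHED_MARK)))
    print(classify_404_body(constructed_body(
        "        " + UNPATCHED_MARK + " + '\">' + displayresult + \"</a>\");")))
```

For a live check, pass the result of `fetch_404_body("http://YOUR.TLD")` to `classify_404_body`; one response only describes the node that answered, which matters for the clustered hosts the message mentions.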


