Re: 2000 server exploit, webDAV

From: BlueSeptember (usa@usa.net)
Date: 03/18/03 

From: BlueSeptember <usa@usa.net>
Date: Tue, 18 Mar 2003 21:09:40 GMT

   I think the patch came out last night, and all my machines were patched.

In article <157801c2ed83$3e11ae40$3301280a@phx.gbl>, o@bluecoat.com says...
> I would like to adjust our network to filter for the new
> 2000 server exploit.
>
> Has Microsoft or anyone else released a request
> signature/finger-print for this issue? Specifically, an
> example of the HTTP Request headers from a packet
> capture.
>
> This would be a HUGE help.
>
>
> Here's a snippet from the trusecure site:
>
> Summary:
> Credible sources indicate that an exploit exists to
> compromise IIS
> 5.0 servers on Windows 2000 including all service packs.
> This
> exploits an unchecked buffer in the World Wide Web
> Distributed
> Authoring and Versioning (WebDAV) protocol
>
> http://www.microsoft.com/technet/treeview/default.asp?
> url=/technet/security/
> bulletin/MS03-007.asp
>
>
> 

-- 
BlueSeptember.
-------------------------------------
---   Make Sure Reply to   ----------
BlueSeptember -at- yahoo.com
-------------------------------------
++++   Quote of the Day   +++++++++++
-------------------------------------
"Who the f_c_ is General Failure? And why is he reading my harddisk?"
- Anon, from Amok Nfo
+++++++++++++++++++++++++++++++++++++