Re: Article on WebDAV Vulnerability (MS03-007)
From: aladin (aladin168@hotmail.com)
Date: 04/16/03
- In reply to: AxlsPixel: "Re: Article on WebDAV Vulnerability (MS03-007)"
From: aladin168@hotmail.com (aladin) Date: 16 Apr 2003 10:04:57 -0700
Based on my knowledge, in order to truly determine if a server is
vulnerable, you have to run the exploit and crash the server, and based
on the server error, you can then determine if the exploit worked or
not.

Therefore, if you are only performing a safe test, you can only
determine if the scanned systems are running IIS5 with the WebDAV
component. However, if you do have full access to that system, to
verify the update is installed on the scanned computer, you can
locally or remotely confirm that the following registry key exists:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q815021

If you want to test a full range of IPs for IIS5 with the WebDAV
component, you can use one of the fastest scanners, WebDAVScan from
KLC Consulting at http://www.klcconsulting.net/articles/webdav/IIS5_WebDAV_Scan.zip

Regards,
/Kyle
Kyle Lai, CISSP, CISA
KLC Consulting, Inc.
klai@klcconsulting.net
http://www.klcconsulting.net
rudolphoa@hotmail.com (AxlsPixel) wrote in message news:<15cf5abf.0304141119.12a3ff89@posting.google.com>...
> Hi,
>
> I am trying to create a risk environment and have set up a VMWare
> image with Win2K SP0 as well as SP2. However, both of them are
> returned as not vulnerable by the exploits and PTWebDAV (from Positive
> Technologies http://www.ptsecurity.com/). Wondering what I am missing?
>
> Thanks,
>
> AxlsPixel
>
> aladin168@hotmail.com (aladin) wrote in message news:<bf0f8e77.0303240937.59259546@posting.google.com>...
> > KLC Consulting has published an article on the MS03-007 WebDAV
> > Vulnerability, which includes detection and mitigation
> > recommendations. This article consolidates many experts' inputs and
> > discussions. The URL is:
> > http://www.klcconsulting.net/articles/webdav/webdav_vuln.htm
> >
> > BTW, KLC recently published a nice analysis, A Honeypot Analysis on
> > Deloder Worm (http://www.klcconsulting.net/deloder_worm.htm), which is
> > still spreading worldwide and posing serious threats. KLC also
> > authored a network security utility called SMAC, a Windows MAC Address
> > Modifying Tool. (http://www.klcconsulting.net/smac)
> >
> > Cheers,
> >
> > Kyle Lai, CISSP, CISA
> > KLC Consulting, Inc.
> > klai@klcconsulting.net
> > http://www.klcconsulting.net
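
The limit of a safe test described in the message above, as an added example that is not part of the original post or of any tool it names: a classifier over captured HTTP OPTIONS responses, which can report IIS5 with WebDAV but not patch state. The sample responses are constructed, and the header names used as indicators (Server, DAV, Allow, Public) are assumptions about what the server returns.

```python
# Added example: classify a captured HTTP OPTIONS response (no network I/O).
# Registry key taken from the message above; everything else is illustrative.
PATCH_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q815021"

def parse_headers(raw):
    """Return (status_code, {lowercased header name: value}) from a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key, value = name.strip().lower(), value.strip()
            # Repeated list-valued headers are joined with a comma.
            headers[key] = headers[key] + ", " + value if key in headers else value
    return status, headers

def classify(raw):
    """Report what a safe test can know: server type and WebDAV exposure only."""
    _, h = parse_headers(raw)
    is_iis5 = h.get("server", "").lower().startswith("microsoft-iis/5.0")
    listed = h.get("allow", "") + "," + h.get("public", "")
    methods = {m.strip().upper() for m in listed.split(",")}
    has_dav = "dav" in h or "PROPFIND" in methods
    if is_iis5 and has_dav:
        # Patch state cannot be read from the response; point at the registry check.
        return "IIS5 with WebDAV: patch state unknown, check " + PATCH_KEY
    if is_iis5:
        return "IIS5, no WebDAV advertised"
    return "not IIS5"

# Constructed sample responses (not captured from any real host).
SAMPLE_DAV = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nDAV: 1, 2\r\n"
              "Public: OPTIONS, TRACE, GET, HEAD, PUT, PROPFIND, LOCK, UNLOCK\r\n"
              "Allow: OPTIONS, TRACE, GET, HEAD\r\nContent-Length: 0\r\n\r\n")
SAMPLE_NODAV = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n\r\n")
SAMPLE_OTHER = "HTTP/1.1 200 OK\r\nServer: Apache\r\nAllow: GET, HEAD, OPTIONS\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_DAV, SAMPLE_NODAV, SAMPLE_OTHER):
        print(classify(sample))
```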