Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Dave Aitel (dave@immunitysec.com)
Date: Thu Mar 20 2003 - 07:14:38 EST

• Next message: Alfred Huger: "Microsoft Windows 2000 WebDAV buffer overflow vulnerability signature available (fwd)"
• Previous message: El Khoury: "RE : modem protective device?"
• In reply to: Florian Hines: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hmm. You could probably use get if you set a Translate: header, which will
force it to WebDav.

Dave Aitel
Immunity, Inc.
http://www2.immunitysec.com/

----- Original Message -----
From: "Florian Hines" <panth3r@swbell.net>
To: "'Aleksander P. Czarnowski'" <alekc@avet.com.pl>
Cc: <pen-test@securityfocus.com>
Sent: Wednesday, March 19, 2003 1:11 PM
Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

> According to the SANS conference yesterday the exploit uses a
> GET command rather than LOCK. Also "The snort-signatures that
> are out now are extremely unreliable at this point" but that
> could have changed since yesterday I suppose.
>
> Florian
>
>
> ##-----Original Message-----
> ##From: Aleksander P. Czarnowski [mailto:alekc@avet.com.pl]
> ##Sent: Wednesday, March 19, 2003 8:08 AM
> ##To: Nicolas Gregoire; garyo@sec-1.com
> ##Cc: pen-test@securityfocus.com
> ##Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow
> ##Vulnerability
> ##
> ##
> ##> You could give a look to the related Nessus plugin :
> ##> #http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plug
> ##ins/scrip
> ##ts/iis_webdav_overflow.nasl
> ##
> ##First of all - just from quick testing - it seems than nessus
> ##plugin don't work correctly, at least one from 18th of March.
> ##Secondly you can use a bit brutal method of using LOCK or any
> ##other WebDAV method with buffer >64kb - it was already
> ##discussed on ntbugtraq and snort-sigs I believe. But this is
> ##still far from working exploit that gives you reverse shell...
> ##Best Regards Aleksander Czarnowski AVET INS
> ##
> ##---------------------------------------------------------------
> ##-------------
> ##Did you know that you have VNC running on your network?
> ##Your hacker does. Plug your security holes now!
> ##Download a free 15-day trial of VAM:
> ##http://www2.stillsecure.com/download/sf_vuln_li#st.html
> ##
> ##
> #
>
>
>
> --------------------------------------------------------------------------

--
> Did you know that you have VNC running on your network?
> Your hacker does. Plug your security holes now!
> Download a free 15-day trial of VAM:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>
>
----------------------------------------------------------------------------
Did you know that you have VNC running on your network? 
Your hacker does. Plug your security holes now! 
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html

• Next message: Alfred Huger: "Microsoft Windows 2000 WebDAV buffer overflow vulnerability signature available (fwd)"
• Previous message: El Khoury: "RE : modem protective device?"
• In reply to: Florian Hines: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:31 EDT