Penetration Testing mailing list archives
RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 18 Mar 2003 19:39:06 -0500
I wouldn't be so sure that you're safe just because you're using OWA. If I understand correctly this is a server vulnerability of IIS, not an application vulnerability of something like OWA which runs on IIS.
-----Original Message-----
From: Royans Tharakan [mailto:RTharakan () ingenuity com]
Sent: Tuesday, March 18, 2003 5:39 PM
To: Nicolas Gregoire; Gary O'leary-Steele
Cc: pen-test () securityfocus com
Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

Did anyone try this out? Someone said that OWA is not at risk so we are not patching it for webdav. I tried using this code (wrote again in perl) but it doesn't work against any SP3 server. How sure are you that this works? I can send the perl version of this code to anyone interested in debugging this analysis tool.

rkt

-----Original Message-----
From: Nicolas Gregoire [mailto:ngregoire () exaprobe com]
Sent: Tuesday, March 18, 2003 12:26 PM
To: Gary O'leary-Steele
Cc: pen-test () securityfocus com
Subject: Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

> I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
> Buffer Overflow Vulnerability. However I don't have enough information about
> the vulnerability, e.g. which webdav component is vulnerable, how it is
> exploited i.e. where does the large string need to be to cause the overrun.
> I don't know webdav but if I get enough information about the request I need
> to send to the web server to cause a crash I will write some exploit code
> (in perl) and share with the community.

You could give a look to the related Nessus plugin:
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl

Regards,
--
Nicolas Gregoire ----- Information Systems Security Consultant
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F