Vulnerability Development mailing list archives
Re: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
From: "Stefan R." <stef () idrci net>
Date: Tue, 19 Jun 2001 13:57:28 -0400
Hi,

The intriguing part is the relatively small size of the overflow condition (240 chars without the code insertion). We checked it against our CHX-I engine and - just as with the previous MS overflow - we caught the attempt before it reached the web server (including evasive variations of the overflow) with several fundamental overlapping rules (size of request method, attempt to access null. objects, etc...).

Does anyone know the smallest overflow condition in a commercial server (web)?

Regards,
R. Stefan
stef () idrci net
514.331.5858
http://www.idrci.net/default.htm?home=en

----- Original Message -----
From: "Marc Maiffret" <marc () eeye com>
To: "Vuln-Dev" <vuln-dev () securityfocus com>
Sent: Monday, June 18, 2001 7:54 PM
Subject: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)

I didn't want to spam you all with the full advisory but I thought you guys might like Ryan Permeh's note on wide character overflow exploitation. It is in "The Exploit" section of our advisory. He talks about it in our latest IIS .ida ISAPI overflow advisory:
http://www.eeye.com/html/Research/Advisories/AD20010618.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall