Vulnerability Development mailing list archives

Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)


From: Lincoln Yeoh <lyeoh () pop jaring my>
Date: Sat, 03 Nov 2001 10:35:36 +0800

At 10:36 AM 11/2/01 +0000, foob () return0 net wrote:

On the topic of rather pointless, yet interesting, exploits,
the Microsoft tftp client has a buffer overflow:

Maybe a heap overflow.  Probably usable to run code.  Pointless-factor-10.
As far as I can tell, the remote server doesn't need to exist - it crashes
before the network is used.

One possible non-pointless use of such client overflows could be if you
can remotely run commands on a machine, say through IIS, but not
upload code.  You could use this with some payload to execute
arbitrary code.  Probably.

Is it possible to use it to shut down those Code Red/Nimda NT servers remotely?
Does IIS by default have enough permissions to shut down the whole computer
or must it do some set privilege thing?

Cheerio,
Link.

