Bugtraq mailing list archives
Enterprise Overflow
From: neophyte () BEAVUH ORG (Daniel Kerr)
Date: Sat, 11 Sep 1999 22:17:55 -0400
Posted on dark spyrit's behalf...

Our apologies for holding back on this info, we just had a few things to sort out first.

As is the norm for an ISS advisory, retrieving any useful information is completely out of the question - after all, the market value of a product is at stake. Heaven forbid that the xforce would give the security community real information, without asking anything in return. I dread the day.

So rather than being duped into downloading the scanner, and still gain no insight on the vulnerability itself, we at beavuh will share what we know.

An overflow exists in the "Accept" header field, which can be exploited with any of the common request methods. e.g:

    GET / HTTP/1.0
    Accept: (a page or so of data)

The fact that this overflow also affects other request methods rather than just "GET" leads me to believe that this may not be the same hole the xforce mentioned. Hopefully we will receive a reply offering more detailed information, or at least an acknowledgement that this is/isn't the same hole.

Be sure to check out the new issue of Phrack, which includes my article on Win32 overflows. Everything from location using disassembly techniques, to exploiting the weakness, through to adding your own code to the binary executable(s) to prevent the vulnerabilities. The shellcode spawns a full-blown command prompt on any port you specify, without relying on downloading external files - which seems to be the trend with win32 remote exploits.

We may release demonstration code for Enterprise if the need arises.

dark spyrit / Barnaby Jack <dspyrit () beavuh org>
beavuh - bend over and pray.
http://www.beavuh.org
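The post's point is that the oversized "Accept" value arrives with any request method, so a check that looks only at GET misses it. The following is an added detection example, not code from the original post or from beavuh: it parses a raw HTTP/1.x request and flags any header value longer than a threshold regardless of method. The 1024-byte limit and the sample requests are constructed assumptions for illustration, not figures from the advisory.

```python
# Added example (not from the original post): flag HTTP requests whose
# "Accept" header (or any header) carries an abnormally long value, the
# symptom of the overflow described above. The 1024-byte threshold is an
# assumption chosen for illustration, not a figure from the advisory.
MAX_HEADER_VALUE = 1024


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, version, headers).

    Headers are returned as a list of (name, value) pairs so that repeated
    headers are preserved rather than silently merged.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return (method.decode("ascii"), target.decode("ascii"),
            version.decode("ascii"), headers)


def oversized_headers(raw: bytes, limit: int = MAX_HEADER_VALUE):
    """Return (method, header_name, length) for every header value longer
    than `limit`, whatever request method was used."""
    method, _target, _version, headers = parse_request(raw)
    return [(method, name.decode("ascii"), len(value))
            for name, value in headers if len(value) > limit]


# Constructed sample traffic: a benign GET and a HEAD request carrying a
# padded Accept header of the kind the post describes.
BENIGN = b"GET / HTTP/1.0\r\nHost: example.test\r\nAccept: text/html\r\n\r\n"
SUSPECT = (b"HEAD / HTTP/1.0\r\nHost: example.test\r\n"
           b"Accept: " + b"A" * 4096 + b"\r\n\r\n")

if __name__ == "__main__":
    for req in (BENIGN, SUSPECT):
        print(oversized_headers(req) or "ok")
```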