Penetration Testing mailing list archives

Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability


From: Renaud Deraison <deraison () nessus org>
Date: Wed, 19 Mar 2003 01:30:04 +0100

On Tue, Mar 18, 2003 at 02:38:45PM -0800, Royans Tharakan wrote:
> Did anyone try this out?

Yes. See the comments at the top of the plugin for the tests and their
results.

> Someone said that OWA is not at risk so we are not patching it for WebDAV.
> I tried using this code (wrote it again in Perl) but it doesn't work against any
> SP3 server.

Maybe you did not rewrite it properly - if you're not familiar with
NASL, I'd not be surprised.

The trick is simply to send a long argument to any web-dav related
command. Therefore SEARCH /AAAAA[...]AAA HTTP/1.1 should work.

Be sure to have the "too long buffer" be made of 65535 chars _exactly_.

                                -- Renaud


-- 
Renaud Deraison
The Nessus Project
http://www.nessus.org
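
A defender-side view of the request shape described in the message above, as an added example that is not part of the original post or of the Nessus plugin: it flags WebDAV request lines with an over-long URI in captured traffic or proxy logs. The 4096-character threshold, the repeated-character heuristic and the sample lines are assumptions made for illustration.

```python
import re

# WebDAV methods from RFC 2518, plus SEARCH (the method named in the post).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
MAX_URI_LEN = 4096  # assumed threshold; tune to the longest legitimate path
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")

def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best

def classify(request_line):
    """Return 'unparsed', 'ignore', 'ok', 'alert-long' or 'alert-filler'."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return "unparsed"
    method, uri = m.groups()
    if method not in WEBDAV_METHODS:
        return "ignore"          # out of scope for this check
    if len(uri) < MAX_URI_LEN:
        return "ok"
    # Heuristic (assumption): a URI that is mostly one repeated character
    # is padding, not a real resource path.
    if longest_run(uri) * 2 >= len(uri):
        return "alert-filler"
    return "alert-long"

def scan(lines):
    """Return (line_number, verdict) for every line that raises an alert."""
    verdicts = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v.startswith("alert")]

# Constructed sample request lines, not taken from real traffic.
SAMPLE = [
    "GET /index.html HTTP/1.1",
    "PROPFIND /docs/ HTTP/1.1",
    "SEARCH /" + "A" * 8000 + " HTTP/1.1",
    "GET /" + "A" * 8000 + " HTTP/1.1",
    "LOCK /" + "/".join("dir%d" % i for i in range(2000)) + " HTTP/1.1",
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE):
        print(n, verdict)
```
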


