Penetration Testing mailing list archives
RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 19 Mar 2003 12:25:15 -0600
On Tue, 2003-03-18 at 22:02, Royans Tharakan wrote:
I checked this out. SANS had an emergency webcast this morning in which a lot of security engineers reviewed this bug. Few Microsoft guys were there who confirmed that OWA uses its own version of WEBDAV which overrides the version which is installed by the OS. They said the version of WEBDAV in OWA is not vulnerable to this exploit.
However, those same folks said that it is not the LOCK method that is vulnerable, but in fact only the GET method. I heard reports from guys who just couldn't make WebDAV crash with GET, but didn't have a problem with SEARCH and PROPFIND.

Personally, I'm wondering if ISS was just spreading misinformation to confuse the potential worm-writers, but I'm not making any such accusation. (Misinformation wouldn't be effective anyway. But then again, neither is holding back the details for a sig, but explaining how it works...:/)

I think it's safe to assume that any WebDAV method, and perhaps other, not yet discovered components, are vulnerable, mainly because the bug is in ntdll.dll. So perhaps OWA is vulnerable.... we just haven't found out where and how....

Regards,
Frank