Penetration Testing mailing list archives
Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: "Dave Aitel" <dave () immunitysec com>
Date: Thu, 20 Mar 2003 07:14:38 -0500
Hmm. You could probably use GET if you set a Translate: header, which will force it to WebDAV.

Dave Aitel
Immunity, Inc.
http://www2.immunitysec.com/

----- Original Message -----
From: "Florian Hines" <panth3r () swbell net>
To: "'Aleksander P. Czarnowski'" <alekc () avet com pl>
Cc: <pen-test () securityfocus com>
Sent: Wednesday, March 19, 2003 1:11 PM
Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

> According to the SANS conference yesterday the exploit uses a GET command rather than LOCK. Also "The snort-signatures that are out now are extremely unreliable at this point" but that could have changed since yesterday I suppose.
>
> Florian
>
> -----Original Message-----
> From: Aleksander P. Czarnowski [mailto:alekc () avet com pl]
> Sent: Wednesday, March 19, 2003 8:08 AM
> To: Nicolas Gregoire; garyo () sec-1 com
> Cc: pen-test () securityfocus com
> Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
>
> > > You could give a look to the related Nessus plugin :
> > > http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl
> >
> > First of all - just from quick testing - it seems that the Nessus plugin doesn't work correctly, at least the one from 18th of March.
> > Secondly you can use a bit brutal method of using LOCK or any other WebDAV method with buffer >64kb - it was already discussed on ntbugtraq and snort-sigs I believe. But this is still far from a working exploit that gives you a reverse shell...
> >
> > Best Regards
> > Aleksander Czarnowski
> > AVET INS
> >
> > ----------------------------------------------------------------------------
> > Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
--
Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
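The thread describes the trigger condition (a WebDAV method such as LOCK, or a GET that a Translate: header routes to WebDAV, carrying a request-target larger than 64 KB) and notes that the Snort signatures of the day were unreliable. As an added example that is not code from any poster, the following detector classifies raw HTTP requests by that condition; the 64 KB threshold, the WebDAV method list and the sample requests are assumptions constructed for illustration.

```python
# Threshold taken from the thread ("buffer >64kb"); 64 * 1024 bytes is an assumption.
OVERSIZE_BYTES = 64 * 1024

# WebDAV methods handled by the IIS WebDAV component; illustrative list, not exhaustive.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "SEARCH"}


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, target, headers). Returns None if malformed."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return None
    method, target = parts[0].decode("latin-1"), parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return method, target, headers


def classify(raw: bytes, limit: int = OVERSIZE_BYTES) -> list:
    """Return reasons a request matches the oversized-WebDAV-request pattern (empty list if none)."""
    parsed = parse_request(raw)
    if parsed is None:
        return ["malformed request line"]
    method, target, headers = parsed
    size = len(target)
    reasons = []
    if size > limit:
        if method in WEBDAV_METHODS:
            reasons.append(f"oversized request-target ({size} B) on WebDAV method {method}")
        elif "translate" in headers:
            # Per the thread, a Translate: header forces the request into the WebDAV path.
            reasons.append(f"oversized request-target ({size} B) on {method} with Translate: {headers['translate']}")
        else:
            reasons.append(f"oversized request-target ({size} B) on {method}; not obviously WebDAV-routed")
    return reasons


# Constructed sample requests (hostnames and paths are made up for this example).
SAMPLE_REQUESTS = {
    "normal_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "normal_propfind": b"PROPFIND /docs/ HTTP/1.1\r\nHost: www.example.com\r\nDepth: 1\r\n\r\n",
    "long_lock": b"LOCK /" + b"A" * 70000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "long_get_translate": b"GET /" + b"A" * 70000 + b" HTTP/1.1\r\nHost: www.example.com\r\nTranslate: f\r\n\r\n",
    "long_get_plain": b"GET /" + b"A" * 70000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(name, "->", classify(raw) or "ok")
```

The classifier keys on the request-target length rather than on any particular method, so it also reports an oversized plain GET, which the thread's LOCK-only signatures would miss.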