Re: Windows 2000 .printer remote overflow proof of concept exploit....

From: Joshua Dodds (jdoddsat_private)
Date: Fri May 11 2001 - 02:04:31 PDT

    >
    >It's out there. I've seen logs indicating the attacker put a "root.exe" file
    >on the IIS5 host and then was able to issue a command to run this file via
    >the overflow. I don't have any more specific information on the contents of
    >the root.exe file or the exact script used, etc. at this time.
    
    root.exe is just cmd.exe copied to root.exe!  doh!
    
    -jd
    



    This archive was generated by hypermail 2b30 : Tue May 15 2001 - 06:24:19 PDT