Re: FW: Footprints of ASP ISAPI filter buffer overflows

From: dullienat_private
Date: Fri Apr 12 2002 - 10:21:18 PDT

  • Next message: Robert Buckley: "Possible DOS?"

    Hey all,
    
    >> Has anybody a copy of some log files that contain such for general review
    >> by the community?
    >> 
    >> A customer was vulnerable to this attack and I would like to find out if
    >> he was compromised.
    
    I don't have logs, sorry, but to be honest the probability of him
    being compromised by this are rather low -- there's no reliable
    exploit for these bugs yet, and at least the eeye-bug is a bit dodgy
    to exploit reliably without knowing the remote SP-number or accurately
    guessing the thread number.
    
    What is going to be an interesting combination on vulnerable systems i
    the combination of the ASP bugs with ElicZ's DebPloit bug -- that
    looks good enough to fashion the ASP bugs into remote SYSTEM
    compromises.
    
    Cheers,
    dullienat_private
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 11:50:29 PDT