Another good one is http://www.klcconsulting.net/articles/webdav/webdav_vuln.htm Kyle Lai, CISSP, CISA KLC Consulting, Inc. 617-921-5410 klaiat_private www.klcconsulting.net -----Original Message----- From: Joe Stewart [mailto:jstewartat_private] Sent: Tuesday, May 13, 2003 9:32 AM To: intrusionsat_private Cc: incidentsat_private; vuln-devat_private; listat_private Subject: IIS/WebDav Exploit List I have created a page describing the various WebDav exploits and exploit kits I have come across so far, along with Snort signatures to detect each one. If anyone knows of any other unique exploits for the ntdll.dll/WebDav IIS vulnerability, please send me the source/binary or a link so I can catalog it here: http://www.lurhq.com/webdav.html -Joe -- Joe Stewart, GCIH Senior Intrusion Analyst LURHQ Corporation http://www.lurhq.com/ ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ---------------------------------------------------------------------------- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.478 / Virus Database: 275 - Release Date: 5/6/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.478 / Virus Database: 275 - Release Date: 5/6/2003
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 17:47:04 PDT