[logs] Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit

From: Eric Hines (eric.hinesat_private)
Date: Fri Mar 28 2003 - 07:30:23 PST

    
    I have written a 13-page analysis of the NTDLL.DLL WebDAV exploit, which is
    located at http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf .
    This paper provides granular detail on the affected component, log
    traces for log analysis, exploit output, and packet traces for those
    looking to make their own signatures. The paper is based on the exploit
    released by Roman Soft to Bugtraq in combination with his follow-up RET
    address brute forcer. Remember, the exploit can be easily modified to
    use GET, LOCK, et al.
    
    Our Log Analysis team will be posting the logs and full packet traces to
    the log division's web site located at http://www.fatelabs.com shortly.
    In addition, as updates are made to this paper and as different methods
    of exploiting this buffer overflow are discovered by our team, we will
    make updates to the paper located at our site.
    
    P.S. Thanks to Roman Medina for his follow-up and response.
    
    
    Eric Hines
    Internet Warfare and Intelligence
    Fate Research Labs
    http://www.fatelabs.com
    
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


