I wouldn't be so sure that you're safe just because you're using OWA. If I understand correctly, this is a server vulnerability of IIS, not an application vulnerability of something like OWA which runs on IIS.

> -----Original Message-----
> From: Royans Tharakan [mailto:RTharakanat_private]
> Sent: Tuesday, March 18, 2003 5:39 PM
> To: Nicolas Gregoire; Gary O'leary-Steele
> Cc: pen-testat_private
> Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
>
>
> Did anyone try this out ?
>
> Someone said that OWA is not at risk so we are not patching
> it for webdav. I tried using this code (wrote again in perl) but
> it doesn't work against any SP3 server.
>
> How sure are you that this works ? I can send the perl
> version of this code to anyone interested in debugging this
> analysis tool.
>
> rkt
>
> -----Original Message-----
> From: Nicolas Gregoire [mailto:ngregoireat_private]
> Sent: Tuesday, March 18, 2003 12:26 PM
> To: Gary O'leary-Steele
> Cc: pen-testat_private
> Subject: Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
>
>
> > I am planning to write exploit code for the Microsoft Windows 2000
> > WebDAV Buffer Overflow Vulnerability. However I don't have enough
> > information about the vulnerability, e.g. which webdav component is
> > vulnerable, how it is exploited i.e. where does the large string need
> > to be to cause the overrun. I don't know webdav but if I get enough
> > information about the request I need to send to the web server to
> > cause a crash I will write some exploit code (in perl) and share with
> > the community.
>
> You could give a look to the related Nessus plugin :
> http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl
>
> Regards,
> --
> Nicolas Gregoire ----- Information Systems Security Consultant
> ngregoireat_private ------[ ExaProbe ]------ http://www.exaprobe.com/
> PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

----------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does. Plug your security holes now!
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 09:08:09 PST