Re: CR II - winME? confirmation? (Slightly OT)

From: Devdas Bhagat (devdasat_private)
Date: Wed Aug 08 2001 - 10:40:40 PDT

Next message: Ken Pfeil: "RE: CR II - winME? confirmation? (Slightly OT)"

Previous message: Red Pantz: "Winnt/Win2k Vuln ?"
In reply to: Meritt James: "Re: CR II - winME? confirmation? (Slightly OT)"
Next in thread: Ken Pfeil: "RE: CR II - winME? confirmation? (Slightly OT)"
Next in thread: Michael J. Cannon: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 08 Aug 2001, Meritt James spewed into the ether:
> "running" or "installed"?  It is my understanding that the vulnerability
> exists if the files and mapping are there no matter the process state of
> the IIS server.  Is my understanding incorrect?
The machine is vulnerable, but not exploitable. Your understanding is
not wrong, but you are falling into the trap of automatically assuming
anything vulnerable to be exploitable. A service which is not running
cannot be exploited.

If IIS is not running, then the GET request which causes the buffer
overflow will never be sent, since the connection initiation will
itself get a RST. The machine is exploitable iff IIS is available a\nd
responding.
<snip>

Devdas Bhagat
--
"He did decide, though, that with more time and a great deal of mental
effort, he could probably turn the activity into an acceptable perversion."
		-- Mick Farren, "When Gravity Fails"

Next message: Ken Pfeil: "RE: CR II - winME? confirmation? (Slightly OT)"
Previous message: Red Pantz: "Winnt/Win2k Vuln ?"
In reply to: Meritt James: "Re: CR II - winME? confirmation? (Slightly OT)"
Next in thread: Ken Pfeil: "RE: CR II - winME? confirmation? (Slightly OT)"
Next in thread: Michael J. Cannon: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:17:30 PDT