Re: CR II - winME? confirmation? (Slightly OT)

From: Devdas Bhagat (devdasat_private)
Date: Wed Aug 08 2001 - 10:40:40 PDT


    On Wed, 08 Aug 2001, Meritt James spewed into the ether:
    > "running" or "installed"?  It is my understanding that the vulnerability
    > exists if the files and mapping are there no matter the process state of
    > the IIS server.  Is my understanding incorrect?
    The machine is vulnerable, but not exploitable. Your understanding is
    not wrong, but you are falling into the trap of automatically assuming
    anything vulnerable to be exploitable. A service which is not running
    cannot be exploited.
    
    If IIS is not running, then the GET request which causes the buffer
    overflow will never be sent, since the connection initiation will
    itself get a RST. The machine is exploitable iff IIS is available and
    responding.
    <snip>
    
    Devdas Bhagat
    --
    "He did decide, though, that with more time and a great deal of mental
    effort, he could probably turn the activity into an acceptable perversion."
    		-- Mick Farren, "When Gravity Fails"
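
The distinction drawn in the message above, shown on loopback as an added example (not part of the original post): a request is only delivered when something is listening, and a closed port refuses the connection before any payload is sent. The function names and the stand-in listener are constructed for illustration.

```python
import socket
import threading

def attempt_request(host, port, payload=b"GET / HTTP/1.0\r\n\r\n", timeout=2.0):
    """Try to deliver payload over TCP; return (state, bytes_sent)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # RST in reply to the SYN: nothing is listening, so the
        # request never leaves the client.
        return ("refused", 0)
    except socket.timeout:
        # No reply at all (for example, packets dropped by a filter).
        return ("no-response", 0)
    except OSError:
        # Any other failure to connect (host or network unreachable).
        return ("unreachable", 0)
    with sock:
        sock.sendall(payload)
        return ("delivered", len(payload))

def demo():
    """Send the same request to one port while a service runs, then after it stops."""
    # Constructed stand-in for a running service, bound to a free loopback port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []

    def serve():
        conn, _ = srv.accept()
        with conn:
            received.append(conn.recv(1024))

    worker = threading.Thread(target=serve)
    worker.start()
    running = attempt_request("127.0.0.1", port)   # service up
    worker.join()
    srv.close()                                    # service stopped
    stopped = attempt_request("127.0.0.1", port)   # same host, same port
    return running, stopped, received

if __name__ == "__main__":
    print(demo())
```

For exposure triage, the "refused" and "no-response" states both mean the request was not delivered from this vantage point; neither says anything about whether the vulnerable files are installed.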
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:17:30 PDT