RE: CR II - winME? confirmation? (Slightly OT)

From: Inman, Carey (Inmanat_private)
Date: Wed Aug 08 2001 - 10:32:22 PDT

Next message: Pauli Ojanpera: "Re: Re[2]: IE troubles with image files"

Previous message: brian_carpioat_private: "Re: cisco 677 and 678 crashes"
Next in thread: Ryan Permeh: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: Ryan Permeh: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: Mike Duncan: "RE: CR II - winME? confirmation? (Slightly OT)"
Reply: Matthew Leeds: "RE: CR II - winME? confirmation? (Slightly OT)"
Reply: Thorat_private: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: Jonathan Rickman: "RE: CR II - winME? confirmation? (Slightly OT)"
Reply: Ron DuFresne: "RE: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I would like to offer a quote from MS01-033:

"the service would not need to be running in order for an attacker to
exploit the vulnerability."

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-033.asp

Carey 



-----Original Message-----
From: Meritt James [mailto:meritt_jamesat_private]
Sent: Wednesday, August 08, 2001 9:28 AM
To: kam
Cc: Amer Karim; VULN-DEV List
Subject: Re: CR II - winME? confirmation? (Slightly OT)


"running" or "installed"?  It is my understanding that the vulnerability
exists if the files and mapping are there no matter the process state of
the IIS server.  Is my understanding incorrect?

Jim

kam wrote:
> 
> Without IIS running, an attacker has no means of exploiting the vulnerable
> file. With no access to the file, the vulnerability does not exist. If
> they're running IIS, then there is a hole which they can exploit. Even
> though it comes installed by default on 2000, it's not a risk until you
turn
> on your web services.
> 
> kam
> 
> ----- Original Message -----
> From: "Amer Karim" <amerkat_private>
> To: "VULN-DEV List" <VULN-DEVat_private>
> Sent: Tuesday, August 07, 2001 10:03 AM
> Subject: Re: CR II - winME? confirmation? (Slightly OT)
> 
> > Hi All,
> >
> > All the advisories about CR state that only IIS servers are vulnerable.
> > However, it's my understanding that the unchecked buffer in idq.dll was
> the
> > source of that vulnerability.  If that's the case, then why have the
> > advisories not included Win2K systems (all flavours) since idq.dll is
> > installed by default as part of the indexing service on all these
> systems -
> > regardless of whether they are using the service or not?  Wouldn't that
> make
> > ANY system with the indexing service on it just as vulnerable as systems
> > with IIS? Am I overlooking something obvious here?
> >
> > Regards,
> > Amer Karim
> > Nautilis Information Systems
> > e-mail: amerkat_private, mamerkat_private
> >
> >
> >

-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566

Next message: Pauli Ojanpera: "Re: Re[2]: IE troubles with image files"
Previous message: brian_carpioat_private: "Re: cisco 677 and 678 crashes"
Next in thread: Ryan Permeh: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: Ryan Permeh: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: Mike Duncan: "RE: CR II - winME? confirmation? (Slightly OT)"
Reply: Matthew Leeds: "RE: CR II - winME? confirmation? (Slightly OT)"
Reply: Thorat_private: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: Jonathan Rickman: "RE: CR II - winME? confirmation? (Slightly OT)"
Reply: Ron DuFresne: "RE: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:54:07 PDT