Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)

From: Lincoln Yeoh (lyeohat_private)
Date: Fri Nov 02 2001 - 18:35:36 PST

Next message: Thorat_private: "Bogus Email"

Previous message: F.Vigo - L.Girardi: "Re: another fatal bug in NT/2000 "Command Prompt" I/O [more info]"
In reply to: foobat_private: "(pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)"
Next in thread: whitehatat_private: "Re: twlc advisory: possible overflow in ms ftp client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 10:36 AM 11/2/01 +0000, foobat_private wrote:
>
>On the topic of rather pointless, yet interesting, exploits,
>the microsoft tftp client has a buffer overflow:

>Maybe a heap overflow.  Probably usable to run code.  Pointless-factor-10.
>As far as i can tell, the remote server doesnt need to exist - it crashes
>before the network is used.
>
>One possible non-pointless use of such client overflows could be if you
>can remotely run commands on a machine, say through IIS, but not
>upload code.  You could use this with some payload to execute
>arbitrary code.  Probably.

Is it possible to use it shutdown those Code Red/Nimda NT servers remotely?
Does IIS by default have enough permissions to shutdown the whole computer
or must it do some set privilege thing?

Cheerio,
Link.

Next message: Thorat_private: "Bogus Email"
Previous message: F.Vigo - L.Girardi: "Re: another fatal bug in NT/2000 "Command Prompt" I/O [more info]"
In reply to: foobat_private: "(pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)"
Next in thread: whitehatat_private: "Re: twlc advisory: possible overflow in ms ftp client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 03 2001 - 21:10:53 PST