RE: idq.dll problem??

From: Jim Harrison (SPG) (jmharrat_private)
Date: Fri Mar 15 2002 - 08:17:16 PST

Next message: Charles-Edouard Ruault: "Re: Buffer overflow in awk"

Previous message: Walter Jr.: "Re: Buffer overflow in awk"
Maybe in reply to: RWXLabs: "idq.dll problem??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've repeated your tests on a system with all patches applied and all proper lockdowns applied as well and get nothing more than a 404 response.
Do you still have the .IDA, .IDQ mappings in your website?

* Jim Harrison 
MCP(NT4, 2K), A+, Network+

Never be afraid to try something new. Remember that amateurs built the Ark. Professionals built the Titanic.



-----Original Message-----
From: RWXLabs [mailto:rwxlabsat_private] 
Sent: Thursday, March 14, 2002 16:47
To: Brett Moore; vuln-dev
Subject: Re: idq.dll problem??


Hi,

All the test was carried through in system with all patches applied, 
however, it is enough to request the URL:

www.server.com/null.ida?=

So that the server presents the error, being that only caracter = 
(equal) this happens!

Any ideas?

Marcos Ferreira
marcosat_private
RWXSecurity - Segurança na Internet
http://www.rwxsecurity.com



Brett Moore wrote:

>Made me think of the .ida bof testing that went on during the code red 
>season.
>
>
>On A patched system.
>Results
>Sending 1-199 bytes yields the error:
>The IDQ file NULL.ida could not be found.
>Nothing written to the event log.
>
>Sending 200-??? bytes we get:
>File .
>Error 0x80040e14 caught while processing query
>Nothing written to the event log.
>
>
>Were you testing patch/unpatched?
>
>Brett
>
>>-----Original Message-----
>>From: H D Moore [mailto:sflistat_private]
>>Sent: Thursday, 14 March 2002 17:31
>>To: RWXLabs; bugtraqat_private; vuln-devat_private; 
>>secureat_private
>>Subject: Re: idq.dll problem??
>>
>>
>>On Wednesday 13 March 2002 06:13 pm, RWXLabs wrote:
>>
>>>Hello,
>>>
>>>In some tests carried through with servers IIS5, I found the 
>>>following problem.
>>>
>>>When requesting the URL:
>>>
>>>ww.server.com/null.ida?=
>>>
>>>
>>>The server returned the following message:
>>>
>>>File . Error 0x80040e14 caught while processing query
>>>
>>Interesting. That error is normally thrown by the ODBC handler anytime 
>>an invalid/misformed query is made in an ASP script. The error message 
>>translates into "The command contained one or more errors".
>>
>>Check out this URL:
>>
>http://www.adopenstatic.com/faq/80040e14.asp
>
>
>

Next message: Charles-Edouard Ruault: "Re: Buffer overflow in awk"
Previous message: Walter Jr.: "Re: Buffer overflow in awk"
Maybe in reply to: RWXLabs: "idq.dll problem??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 09:00:55 PST