lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 28 Mar 2003 09:30:23 -0600
From: "Eric Hines" <eric.hines@...elabs.com>
To: "'Eric Hines'" <eric.hines@...elabs.com>,
	<bugtraq@...urityfocus.com>
Subject: Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit


Lists:

I have written a 13 page analysis of NTDLL.DLL webdav exploit, which is
located at http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf .
This paper provides granular detail on the affected component, log
traces for log analysis, exploit output, and packet traces for those
looking to make their own signatures. The paper is based on the exploit
released by Roman Soft to Bugtraq in combination with his follow-up RET
address brute forcer. Remember, the exploit can be easily modified to
use GET, LOCK, et. al.

Our Log Analysis team will be posting the logs and full packet traces to
the log division's web site located at http://www.fatelabs.com shortly.
In addition, as updates are made to this paper and as different methods
of exploiting this buffer overflow are discovered by our team, we will
make updates to the paper located at our site.

P.S. Thanks to Roman Medina for his follow-up and response.


Eric Hines
Internet Warfare and Intelligence
Fate Research Labs
http://www.fatelabs.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ