| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <WorldClient-F200306242231.AA31480000@kamborio.net> Date: Tue, 24 Jun 2003 22:31:48 +0100 From: "David A. Pérez" <david@...borio.com> To: bugtraq@...urityfocus.com Subject: Re: Remote Buffer Overrun WebAdmin.exe > NGSSoftware Insight Security Research Advisory > > Name: Remote System Buffer Overrun WebAdmin.exe > Systems Affected: Windows > Severity: High Risk > Category: Buffer Overrun > Vendor URL: http://www.altn.com/ > Author: Mark Litchfield (mark@...software.com) > Date: 24th June 2003 > Advisory number: #NISR2406-03 I've been making a few tests using WebAdmin 2.0.3 running under IIS (WebAdmin.dll) On my tests, I haven't been able to exploit this issue beyond the scope of a Denial of Service. The Active Server Pages service just reboots itself and two entries are added to the event log: Application Log: Event Type: Information Event Source: Active Server Pages Event Category: None Event ID: 3 Date: 24/06/2003 Time: 22:19:16 User: N/A Computer: XXX Description: Service started. System Log: Event Type: Warning Event Source: W3SVC Event Category: None Event ID: 37 Date: 24/06/2003 Time: 22:17:33 User: N/A Computer: XXX Description: Out of process application '/LM/W3SVC/3/Root/WebAdmin' terminated unexpectedly. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. David A. Pérez
Powered by blists - more mailing lists