lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1083248768.4884.89.camel@anduril.intranet.cartel-securite.net>
From: blancher at cartel-securite.fr (Cedric Blancher)
Subject: Exploit Identification Request

Le jeu 29/04/2004 ? 15:34, System Administrator a ?crit :
> One of our external systems (W2k, fully patched all components - 
> sp4, sql sp4, mdac sp3, post hotfixes, etc) is being hit by what 
> appears to be a buffer overflow of IIS : 4096 bytes cycling in 
> what appears to be an attempt to execute code. The probe starts by 
> obtaining an index.asp page, and then drops a "SEARCH / 411 210 
> 42" before dropping the "AAAAA<n>" string. 
[...]
> SEARCH /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[...]

Looks like Windows ntdll.dll buffer overflow exploit :

	http://www.securityfocus.com/bid/7116/


-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ