lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20041021182442.44411.qmail@web41705.mail.yahoo.com>
From: alf1num3rik at yahoo.com (Stephen Jimson)
Subject: Exploit code Available for previously announced MS Vulnerabilities

you're probably talking about those sploits 

Microsoft IIS WebDAV XML Denial of Service Exploit
(MS04-030)

http://www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php

Microsoft Windows Metafile (.emf) Heap Overflow
Exploit (MS04-032)

http://www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php

stph

--- Jesse Valentin <jessevalentin@...oo.com> wrote :
> As per www.incidents.org
> 
> 
> MS04-030 POC
> 
> A proof-of-concept (POC) exploit for MS04-030 has
> been
> made available. The exploit, a perl script, claims
> to
> trigger the DOS condition. While we are still
> working
> to verify the exploit, here some signatures to look
> for:
> 
> The exploit will send the following header:
> 
> (the 'Host' field will hold the IP address of the
> attacked host. In this example, we used '127.0.0.1')
> ---------------------------
> 
> PROPFIND / HTTP/1.1
> Content-type: text/xml
> Host: 127.0.0.1
> Content-length: 188963
>  
> 
> <?xml version="1.0"?> <a:propfind xmlns:a="DAV:"
> xmlns:z1="xml:" xmlns:z2="xml:" xmlns:z3="xml:"
> xmlns
> 
> (... repeating 'xmlns:z???="xml:", where '???' keeps
> incrementing ...)
> 
>  xmlns:z9995="xml:" xmlns:z9996="xml:"
> xmlns:z9997="xml:"
> xmlns:z9998="xml:" >
> <a:prop><a:getcontenttype/></a:prop>
> </a:propfind>
> 
> --------------------------------
> 
> For Apache servers, the exploit will leave the
> following log entries:
> 
> Access Log:
> 10.1.0.13 - - [20/Oct/2004:14:57:15 +0000] "PROPFIND
> /
> HTTP/1.1" 400 31 "-" "-"
> 
> Error Log:
> [Wed Oct 20 14:57:15 2004] [error] [client
> 10.1.0.13]
> request failed: error reading the headers
> 
> (your apache install may use a different log format)
> 
> If working "as advertised", the exploit will crash
> unpatched IIS servers.
> 
> MS04-032 Windows XP Metafile Overflow POC
> 
> Looks like the kids are finally catching up with all
> the MSFT vulnerabilities released this month. A POC
> (proof-of-concept) exploit was released to exploit
> the
> Windows XP Metafile overflow vulnerability.
> The malicious file will start a remote shell or
> connect back to a URL.
> This functionality goes beyond what is typically
> considered a 'proof-of-concept' as it allows full
> remote control to the system with all the privileges
> of the user that opened the image.
> 
> The good thing is that some AV vendors already
> detect
> it:
> From VirusTotal website:
> BitDefender 7.0 10.20.2004 Exploit.FPSE.A
> Sybari 7.5.1314 10.20.2004 Exploit-MS03-051
> Symantec 8.0 10.19.2004 Trojan.Moo
> 
> The Manager's Briefing at
> http://isc.sans.org/presentations/MS04Oct.ppt has
> been
> updated to reflect the existence of these exploits.
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>  


	

	
		
Vous manquez d?espace pour stocker vos mails ? 
Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
Cr?ez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/

Le nouveau Yahoo! Messenger est arriv? ! D?couvrez toutes les nouveaut?s pour dialoguer instantan?ment avec vos amis. A t?l?charger gratuitement sur http://fr.messenger.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ