Penetration Testing mailing list archives
RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: "Royans Tharakan" <RTharakan () ingenuity com>
Date: Tue, 18 Mar 2003 20:02:05 -0800
I checked this out. SANS had an emergency webcast this morning in which a lot of security engineers reviewed this bug. A few Microsoft guys were there who confirmed that OWA uses its own version of WEBDAV which overrides the version which is installed by the OS. They said the version of WEBDAV in OWA is not vulnerable to this exploit.

However, I'm still hunting for an exploit to test it. Obviously we don't want to upgrade OWA if it can be avoided. We don't know how stable the patch is at this point.

rkt

-----Original Message-----
From: Sarah Kenna Groark [mailto:sarah () procinct com]
Sent: Tuesday, March 18, 2003 4:35 PM
To: Royans Tharakan; Nicolas Gregoire; Gary O'leary-Steele
Cc: pen-test () securityfocus com
Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
Someone said that OWA is not at risk so we are not patching it for webdav.
Is there a definitive statement on this somewhere? I am trying to track down for a client whether OWA is vulnerable to this and unfortunately do not have an environment where I can test it myself at the moment. Any info much appreciated.

Take care,
// Sarah