Network Security: Detailed info on Re: [Full-Disclosure] Exploit Identification Request

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] Exploit Identification Request

from [Cedric Blancher] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] Exploit Identification Request
Date:	Thu, 29 Apr 2004 16:26:08 +0200

Le jeu 29/04/2004 à 15:34, System Administrator a écrit :

One of our external systems (W2k, fully patched all components - 
sp4, sql sp4, mdac sp3, post hotfixes, etc) is being hit by what 
appears to be a buffer overflow of IIS : 4096 bytes cycling in 
what appears to be an attempt to execute code. The probe starts by 
obtaining an index.asp page, and then drops a "SEARCH / 411 210 
42" before dropping the "AAAAA<n>" string.

[...]

SEARCH /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[...]


Looks like Windows ntdll.dll buffer overflow exploit :

        http://www.securityfocus.com/bid/7116/


-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] Exploit Identification Request, System Administrator Re: [Full-Disclosure] Exploit Identification Request, Cedric Blancher <= Re: [Full-Disclosure] Exploit Identification Request, Thorolf Re: [Full-Disclosure] Exploit Identification Request, Oliver Raymond

Previous by Date:	Re: [Full-Disclosure] Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 ++++>, Michael Guenther
Next by Date:	Re: [Full-Disclosure] Heads up: Possible lsass worm in the wild, insecure
Previous by Thread:	[Full-Disclosure] Exploit Identification Request, System Administrator
Next by Thread:	Re: [Full-Disclosure] Exploit Identification Request, Thorolf
Indexes:	[Date] [Thread] [Top] [All Lists]