|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Remote Buffer Overrun WebAdmin.exe
From: David A. Pérez (david
kamborio.com)
Date: Tue Jun 24 2003 - 16:31:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> NGSSoftware Insight Security Research Advisory
>
> Name: Remote System Buffer Overrun WebAdmin.exe
> Systems Affected: Windows
> Severity: High Risk
> Category: Buffer Overrun
> Vendor URL: http://www.altn.com/
> Author: Mark Litchfield (markngssoftware.com)
> Date: 24th June 2003
> Advisory number: #NISR2406-03
I've been making a few tests using WebAdmin 2.0.3 running under IIS (WebAdmin.dll)
On my tests, I haven't been able to exploit this issue beyond the scope of a Denial of Service. The Active Server Pages
service just reboots itself and two entries are added to the event log:
Application Log:
Event Type: Information
Event Source: Active Server Pages
Event Category: None
Event ID: 3
Date: 24/06/2003
Time: 22:19:16
User: N/A
Computer: XXX
Description:
Service started.
System Log:
Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 37
Date: 24/06/2003
Time: 22:17:33
User: N/A
Computer: XXX
Description:
Out of process application '/LM/W3SVC/3/Root/WebAdmin' terminated unexpectedly.
For additional information specific to this message please visit the Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.
David A. Pérez
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]