|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: (here we go again) more info on MS00-057?
From: rain forest puppy (rfp
WIRETRIP.NET)Date: Wed Aug 16 2000 - 10:10:49 CDT
- Next message: Sebastian: "Re: AMD Sledgehammer and ascii-only shellcode"
- Previous message: Gerardo Richarte: "Re: AMD Sledgehammer and ascii-only shellcode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ok, MS released MS00-057: file permission canonicalization vulnerability
for IIS 4.0 and 5.0. It causes IIS to use permissions on parent folders,
rather than the actual permissions on the files/folders(?).
Does anyone have any exact exploit information on this? Burt Abreu & Sren
Skov of VBExplorer.com, would you like to post some more info?
If you can cause IIS to inherit different permissions on files, then it
may be possible to use stuff like, oh, say dvwssr.dll *without* needing
authoring permission, allowing you to read source or use that handy-dandy
buffer overflow.
- rfp
- Next message: Sebastian: "Re: AMD Sledgehammer and ascii-only shellcode"
- Previous message: Gerardo Richarte: "Re: AMD Sledgehammer and ascii-only shellcode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]