Gain root remotely : IIS : WebDAV Overflow (MS03-007)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11412

Categoría: Gain root remotely

Título: IIS : WebDAV Overflow (MS03-007)

Resumen: NOSUMMARY

Descripción: Description:

The remote WebDAV server is vulnerable to a buffer overflow when
it receives a too long request.

An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.

Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
Risk factor : High

Referencia Cruzada: BugTraq ID: 7116
Common Vulnerability Exposure (CVE) ID: CVE-2003-0109
http://www.securityfocus.com/bid/7116
Bugtraq: 20030321 New attack vectors and a vulnerability dissection of MS03-007 (Google Search)
http://marc.info/?l=bugtraq&m=104826476427372&w=2
Bugtraq: 20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented. (Google Search)
http://marc.info/?l=bugtraq&m=104861839130254&w=2
Bugtraq: 20030326 WebDAV exploit: using wide character decoder scheme (Google Search)
http://marc.info/?l=bugtraq&m=104869293619064&w=2
Bugtraq: 20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit (Google Search)
http://marc.info/?l=bugtraq&m=104887148323552&w=2
Bugtraq: 20030708 WDAV exploit without netcat and with pretty magic number (Google Search)
http://marc.info/?l=bugtraq&m=105768156625699&w=2
http://www.cert.org/advisories/CA-2003-09.html
CERT/CC vulnerability note: VU#117394
http://www.kb.cert.org/vuls/id/117394
ISS Security Advisory: 20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
Microsoft Security Bulletin: MS03-007
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007
Microsoft Knowledge Base article: Q815021
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q815021
http://marc.info/?l=ntbugtraq&m=104826785731151&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109
http://www.iss.net/security_center/static/11533.php

Copyright This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11412
Categoría:	Gain root remotely
Título:	IIS : WebDAV Overflow (MS03-007)
Resumen:	NOSUMMARY
Descripción:	Description: The remote WebDAV server is vulnerable to a buffer overflow when it receives a too long request. An attacker may use this flaw to execute arbitrary code within the LocalSystem security context. Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx Risk factor : High
Referencia Cruzada:	BugTraq ID: 7116 Common Vulnerability Exposure (CVE) ID: CVE-2003-0109 http://www.securityfocus.com/bid/7116 Bugtraq: 20030321 New attack vectors and a vulnerability dissection of MS03-007 (Google Search) http://marc.info/?l=bugtraq&m=104826476427372&w=2 Bugtraq: 20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented. (Google Search) http://marc.info/?l=bugtraq&m=104861839130254&w=2 Bugtraq: 20030326 WebDAV exploit: using wide character decoder scheme (Google Search) http://marc.info/?l=bugtraq&m=104869293619064&w=2 Bugtraq: 20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit (Google Search) http://marc.info/?l=bugtraq&m=104887148323552&w=2 Bugtraq: 20030708 WDAV exploit without netcat and with pretty magic number (Google Search) http://marc.info/?l=bugtraq&m=105768156625699&w=2 http://www.cert.org/advisories/CA-2003-09.html CERT/CC vulnerability note: VU#117394 http://www.kb.cert.org/vuls/id/117394 ISS Security Advisory: 20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029 http://www.nextgenss.com/papers/ms03-007-ntdll.pdf Microsoft Security Bulletin: MS03-007 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007 Microsoft Knowledge Base article: Q815021 http://support.microsoft.com/default.aspx?scid=kb;[LN];Q815021 http://marc.info/?l=ntbugtraq&m=104826785731151&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109 http://www.iss.net/security_center/static/11533.php
Copyright	This script is Copyright (C) 2003 Renaud Deraison