Vulnerability Development: Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)

From: Lincoln Yeoh <lyeoh_at_pop.jaring.my>
Date: Sat, 03 Nov 2001 10:35:36 +0800

At 10:36 AM 11/2/01 +0000, foob_at_return0.net wrote:
>
>On the topic of rather pointless, yet interesting, exploits,
>the Microsoft tftp client has a buffer overflow:

>Maybe a heap overflow. Probably usable to run code. Pointless-factor-10.
>As far as I can tell, the remote server doesn't need to exist - it crashes
>before the network is used.
>
>One possible non-pointless use of such client overflows could be if you
>can remotely run commands on a machine, say through IIS, but not
>upload code. You could use this with some payload to execute
>arbitrary code. Probably.

Is it possible to use it to shut down those Code Red/Nimda NT servers remotely?
Does IIS by default have enough permissions to shut down the whole computer
or must it do some set privilege thing?

Cheerio,
Link.
Received on Nov 04 2001