Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exploit Tool

From: "JM" <james__mcgee () hotmail com>
Date: Thu, 7 Nov 2002 19:15:31 -0000



Sorry for the dumb question...but someone must be able to help...

There are loads of tools out there to identify vulnerabilites, I for one am
using Retina 4.9. This is good in that it tell you exactly how to fix the
problem.

What I would like to know is if there are any tools out there that will find
the vulnerabilitites and test them, i.e. Try to exploit them.

For example, running the vulnerability scanner against a particular host
list the following as a vulnerability;

Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW
DESCRIPTION:            A vulnerability in IIS involving the processing of
chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an
attacker to                                         remotely execute the
code of his choice
RISK LEVEL:                High
HOW TO FIX:                Microsoft has released a hotfix to eliminate this
vulnerability
RELATED LINKS:        Microsoft Security Bulletin
                                        eEye Advisory
CVE:                            CAN-2002-0364

What I would like to know is, if there is a tool that could demonstrate this
vulnerability by exploting it.  Of course this would be done in a test
environment only, but it is to demonstrate the exploit to a client who
thinks these things are rarely exploited.

Thanks


JM


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002
Previous By Date Next
Previous By Thread Next

Current thread: