For that to work, the "arbitrary commands" in the buffer-overflow exploit
will have to set up an app listening on port 80 - the same port as the
webserver, AND send and receive traffic using HTTP. May be possible, but
sounds a bit far-fetched. The same-port issue might be the largest
stumbling block.
And the sample scripts are typically removed from any secure IIS
installation anyway :-).
Brian
----- Original Message -----
From: "Volker Tanger" <[EMAIL PROTECTED]>
To: "Brian Steele" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 12:40 PM
Subject: Re: Configuration Arguments... In House...
> Greetings!
>
> Brian Steele schrieb:
>
> > Hmm.. Can someone give an example of how a "compromise" that opens the
> > internal network to the attacker could work, if the proxy server is
passing
> > only HTTP traffic on port 80 between the internal server and the
Internet
> > client?
>
> With the right buffer-overflow you can transfer and execute arbitrary code
to
> and on the attacked webserver. For example the Microsoft IIS comes (by
default)
> with some sample-scripts that do have such known exploits.
>
> You do not always need a Telnet connection to be able to run exploits...
;-)
>
> Bye
> Volker
>
> --
>
> Volker Tanger <[EMAIL PROTECTED]>
> Wrangelstr. 100, 10997 Berlin, Germany
> DiSCON GmbH - Internet Solutions
> http://www.discon.de/
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
