+ more. Tried a few other DLL's to no
avail.
Curt Wilson
On Sun, 06 Jul 2003 11:42:42 -0700 Rick <[EMAIL PROTECTED]> wrote:
>There is buffer overflow in rundll32.exe when it is passed big string
>as routine name for a module. I've tested this on WindowsXP SP1. But
>other ve
I work with a company that has a financial services vendor that ships
their customized IIS4 systems with everyone/full control on C: or else
it "breaks the application". Of course, these perms reach the winnt/system32
dir, but I used cacls to restrict winnt/system32/*.exe from the
IUSR account wi
x to log better details when the
FW itself is attacked? Perhaps I should try attacking the fw telnet
port from the outside with an IPSec packet and examine the logging.
Thanks,
Curt Wilson
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Curt R. Wilson * Netw3 Consulting *
ity several months ago, but
at the time they were dealing with the mailguard problem and didn't take
any action (that I am aware of).
For more information on this please see some of my PIX attack patterns
research posted to SANS GIAC a while back:
http://www.sans.org/y2k/110300.htm
Curt Wil