
Re: IIS 4 Security

From: Deus, Attonbitus <Thor(at)HammerofGod.com>
Date: Fri Dec 13 2002 - 13:49:46 EST

At 10:13 AM 12/13/2002, H D Moore wrote:
> > I disagree here... Most of the buffer overflows require accessing the
> > vulnerable .dll file, which would not be possible without
> > authentication in the example provided by the OP.
>
>Yes, but it doesn't have to be the attacker's authentication used in the

Certainly no excuse for such a deployment, but I think the OP was more interested in the theory behind authenticated-only access configurations and what 'inherent' security such a setup would offer against 'direct' attacks on the public system.

One could indeed try to exploit an internal client system first and use authenticated access as in your example (assuming integrated authentication was in use) or some other insidious methods-- I would still assert that the OP's contention that "It is reasonably secure right up until a brute force attack or eavesdropping yields a valid username/pass" is correct-- it is "reasonably secure."

I found Henry's post very interesting, specifically the notion that the request is first parsed before the ACL is applied, to see what object was being called in the first place. If correct, that would support the theory that one could exploit a component with ACLs on it before the ACL was enforced. I just couldn't get that to work in any of my tests (which was good!).

Any other comments about that particular theory?

AD
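A toy model of the ordering question raised in the post above, added here as an illustration (it is not code from the thread and not IIS internals; the path, the ACL and the buffer limit are constructed). It compares "check the ACL, then hand the request to the extension" with "let the extension parse the request, then check the ACL", and records whether anonymous input ever reached the parser.

```python
from dataclasses import dataclass, field
from typing import Optional, List

MAX_QUERY = 64  # hypothetical limit standing in for a fixed-size buffer

@dataclass
class Request:
    path: str
    query: str
    user: Optional[str]  # None means anonymous (no credentials presented)

@dataclass
class Handler:
    """Stand-in for an ISAPI extension; records who reached its parser."""
    name: str
    parsed_for: List[Optional[str]] = field(default_factory=list)

    def parse(self, req: Request) -> str:
        # A real extension would copy req.query into its own buffer here;
        # the model only records that the bytes arrived and whose they were.
        self.parsed_for.append(req.user)
        return "too-long" if len(req.query) > MAX_QUERY else "ok"

ACL = {"/secure/app.dll": {"alice"}}  # constructed: only alice is allowed

def allowed(req: Request) -> bool:
    return req.user in ACL.get(req.path, set())

def dispatch(req: Request, handler: Handler, order: str) -> int:
    """Return an HTTP status; 'order' selects which step runs first."""
    if order == "auth_first":
        if not allowed(req):
            return 401
        handler.parse(req)
        return 200
    if order == "parse_first":
        result = handler.parse(req)        # parser sees the input first
        if not allowed(req):
            return 401                     # client sees the same status
        return 200 if result == "ok" else 500
    raise ValueError(order)

def anonymous_input_reached_parser(order: str) -> tuple:
    """Send one anonymous, over-long request; report status and exposure."""
    h = Handler("app.dll")
    req = Request("/secure/app.dll", "A" * (MAX_QUERY + 1), user=None)
    status = dispatch(req, h, order)
    return status, None in h.parsed_for

if __name__ == "__main__":
    for order in ("auth_first", "parse_first"):
        print(order, anonymous_input_reached_parser(order))
```

Both orderings answer the anonymous client with 401, which is why a black-box test cannot tell them apart; only the handler-side audit trail shows whether untrusted input reached the parser.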

Received on Fri Dec 13 14:52:29 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT
