Re: Big IIS doodoo




--Damacus-- wrote:
> 
> One of my friends from NZ is friends with a group eeye.com.  He hangs around
> in mulysa and #beavuh on IRC.  Gotta love 'em.
> 
> Anyhow, they've discovered quite a hole in IIS which is quite nasty.
> 
> They gave MS a chance to write and reply before releasing this:
> 
> www.eeye.com
> http://www.eeye.com/database/advisories/ad06081999/ad06081999.html
> 
> Full exploit ASM source is available.  My friend says that there will be a
> Linux port of the exploit source, not that we have a use for that.
> 

I just did a little research comparing this to the recent ICMP
denial-of-service attack, put up on Slashdot
<http://slashdot.org/comments.pl?sid=99/06/15/2057242&threshold=0&commentsort=0&mode=thread&pid=3#134>.
What makes it even more interesting is that MS themselves claim to have
discovered it on May 28, so 18 days and counting for a real fix (for
those sites that rely on the use of .HTR files, whatever they are).

John
