IIS Buffer Over Flow

***Palemoon*** · June 13th, 2002, 05:14 AM

Ok just released today a hole that could be as serious as CodeRed etc. Info about and link to patch how many does that make this year?
http://www.eeye.com/html/Research/Ad...D20010618.html

***micael*** · June 13th, 2002, 07:45 AM

Hmm the article seems a bit old.. Did you add wrong url ??

Ok just released today a hole that could be as serious as CodeRed etc. Info about and link to patch how many does that make this year?
http://www.eeye.com/html/Research/Ad...D20010618.html

Cut and paste From the link you provided.

All versions of Microsoft Internet Information Services Remote buffer overflow (SYSTEM Level Access)

Release Date:
June 18, 2001

Severity:
High (Remote SYSTEM level code execution)

Systems Affected:
Microsoft Windows NT 4.0 Internet Information Services 4.0
Microsoft Windows 2000 Internet Information Services 5.0
Microsoft Windows XP beta Internet Information Services 6.0 beta

Description:
There exists a remote buffer overflow vulnerability in all versions of Microsoft Internet Information Services (IIS) web server software.

**ntsa** · June 13th, 2002, 07:46 AM

Another Ida exploit. If you've not removed the ida isapi you deverve pretty much everything you get. See this tutorial for more information in which I cover removing ida isapi:
Securing an installation of IIS 4. (No, seriously)

Good find Palemoon - but <confusion>released today?</confusion> The Article is dated June 18, _2001_

***Palemoon*** · June 13th, 2002, 03:05 PM

My error on the link people, goes to show you anyone can have a Ueeee and one should not get on-line when ill. 5 Holes this week alone from MS, trustworthing computing...Me thinks Not sorry again for the error.

**avenger_jcc** · June 13th, 2002, 03:25 PM

Are you going to post the correct link then?

***Palemoon*** · June 13th, 2002, 03:34 PM

Lets give it another sorry moving real s-l-o-w http://bvlive01.iss.net/issEn/delive...sp?id=advise95 should have a few bits of info on the some 30 flaws in M$ products to date. Funny how M$ places on their own site most of them as minor while most other sites rate them much more serious.

**avenger_jcc** · June 13th, 2002, 05:37 PM

that one is posted from sept 2001.... ????

***mohaughn*** · June 13th, 2002, 07:42 PM

Originally posted here by avenger_jcc
that one is posted from sept 2001.... ????

There are three threads in this forum with the information about the new security notifications MS sent out today. The IIS exploit is 02-028. I wonder what it is that is making palemoon so ill that he doesn't know what the date is.

**cyb3rn3tik** · June 13th, 2002, 08:39 PM

/me sighs...........*m$, m$, m$, when will you learn, look at the security just as must as the smiley interface*

%example%: Windows XP, nice little purdy Fisher-Price interface (which I had to skin to a black setup just to be able to bear looking at it), and so many spyware/security holes it gives you a headache.........

***souleman*** · June 13th, 2002, 09:07 PM

bleah
from bugtraq

More info on the microsoft critical alert:
http://www.microsoft.com/technet/tre...n/MS02-027.asp
More info on the breakage: http://www.pivx.com/workaround_fail.html

This is a different problem. They released a fix and it broke more then if fixed. Sorry, didn't have time to start a new thread. I got to go to the dentist....

Thread: IIS Buffer Over Flow

Thread Tools

Display

IIS Buffer Over Flow

Posting Permissions