IIS Buffer Over Flow

Thread: IIS Buffer Over Flow

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    889

    IIS Buffer Over Flow

    Ok, just released today: a hole that could be as serious as CodeRed etc. Info about and link to patch. How many does that make this year?
    http://www.eeye.com/html/Research/Ad...D20010618.html
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Hmm, the article seems a bit old. Did you add the wrong URL?

    Ok, just released today: a hole that could be as serious as CodeRed etc. Info about and link to patch. How many does that make this year?
    http://www.eeye.com/html/Research/Ad...D20010618.html
    Cut and paste from the link you provided:

    All versions of Microsoft Internet Information Services Remote buffer overflow (SYSTEM Level Access)

    Release Date:
    June 18, 2001

    Severity:
    High (Remote SYSTEM level code execution)

    Systems Affected:
    Microsoft Windows NT 4.0 Internet Information Services 4.0
    Microsoft Windows 2000 Internet Information Services 5.0
    Microsoft Windows XP beta Internet Information Services 6.0 beta

    Description:
    There exists a remote buffer overflow vulnerability in all versions of Microsoft Internet Information Services (IIS) web server software.

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    324
    Another Ida exploit. If you've not removed the ida isapi you deserve pretty much everything you get. See this tutorial for more information in which I cover removing ida isapi:
    Securing an installation of IIS 4. (No, seriously)

    Good find Palemoon - but <confusion>released today?</confusion> The Article is dated June 18, _2001_
    "I may not agree with what you say, but I will defend to the death your right to say it."
    Sir Winston Churchill.

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    My error on the link, people. Goes to show you anyone can have a Ueeee and one should not get on-line when ill. 5 holes this week alone from MS, trustworthy computing... Methinks not. Sorry again for the error.

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Are you going to post the correct link then?
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Let's give it another, sorry, moving real s-l-o-w. http://bvlive01.iss.net/issEn/delive...sp?id=advise95 should have a few bits of info on the some 30 flaws in M$ products to date. Funny how M$ rates most of them as minor on their own site while most other sites rate them much more serious.

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    That one is posted from Sept 2001.... ????

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by avenger_jcc
    that one is posted from sept 2001.... ????
    There are three threads in this forum with the information about the new security notifications MS sent out today. The IIS exploit is 02-028. I wonder what it is that is making palemoon so ill that he doesn't know what the date is.

  9. #9
    Banned
    Join Date
    Jun 2002
    Posts
    101
    /me sighs...........*m$, m$, m$, when will you learn, look at the security just as much as the smiley interface*

    %example%: Windows XP, nice little purdy Fisher-Price interface (which I had to skin to a black setup just to be able to bear looking at it), and so many spyware/security holes it gives you a headache.........

  10. #10
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    bleah
    from bugtraq

    More info on the microsoft critical alert:
    http://www.microsoft.com/technet/tre...n/MS02-027.asp
    More info on the breakage: http://www.pivx.com/workaround_fail.html


    This is a different problem. They released a fix and it broke more than it fixed. Sorry, didn't have time to start a new thread. I got to go to the dentist....
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
