When we were researching the .ida exploit we came across this _potential_ bug and we therefore fixed the problem before the Microsoft security advisory was released. We also notified all of our customers about the new version of SecureIIS and that they _needed_ to upgrade to the latest version (at the time that was 1.1) because we updated some of our technologies within SecureIIS. So in the end people that were using SecureIIS were actually protected from the .ida vulnerability days before the vulnerability even was released to any public forum etc... In the future if you find what you believe to be a bug then I would suggest contacting us first so that we can give you the needed information (I.E. 3 or so new versions of SecureIIS have been released since 1.0.6) and if there is a valid problem then we can fix that problem. This however is not an issue. Thanks! Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities |---------- Forwarded message ---------- |Date: Wed, 27 Jun 2001 00:56:48 +0200 |From: Crussaider <crussaiderat_private> |To: bugtraqat_private |Subject: ISAPI and SECUREIIS | | | | Hi all, | | after some testing I noticed that SecureIIS 1.0.6 does not | protect IIS 5.0 from ISAPI DoS attack. In the attachment is | isapi-dos2.c and isapi.exe cygwin compilation. | | After attack with this exploit IIS is down. In SecureIIS i | have very restrictive polices, but anyway it did not manage to | protect it from this kind of attack. | To try isapi.exe you must have cygwin1.dll | | Does anyone have similar experience? | | | |-- |Best regards, | Crussaider mailto:crussaiderat_private |
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 00:44:35 PDT