SANS is a bit behind the curve if they have just announced this today as this has been around for a few weeks now. First on some geocities website, then on packetstorm, then finally on the win2ksec mailing list (and a few others). As a side note... a few people have confused the .ida worm with hsj's exploit... hsj's exploit is _not_ a worm. Just wanted to clear that up for the handful of people I have seen misreporting things. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities |-----Original Message----- |From: Jason Staples - CNW [mailto:ellisat_private] |Sent: Wednesday, July 18, 2001 6:14 PM |To: bugtraqat_private |Subject: IIS5 .idq exploit | | | |SANS accounced its availability today, and after spending a bit of time |searching, I finally found the new IIS5 exploit. | |http://www.geocities.co.jp/MotorCity/5319/iis5idq_exp.txt | |Regards, |Jason | |+--------------------------------------+----------------------------+ || Jason Staples jasonat_private | /"\ | || Network Engineer Security Analyst | \ / ASCII Ribbon Campaign | || | X Against HTML E-Mail | || Connect Northwest Internet Services. | / \ <!-- <HTML> --> | |+--------------------------------------+----------------------------+ |
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 22:00:44 PDT