Cybercop scanner returning false positive? IPP overflow on IIS4

From: Colin_Kushnierat_private
Date: Fri May 25 2001 - 08:38:45 PDT

Next message: Ryan Russell: "Re: pen-testing cisco routers"

Previous message: Wolfgang Zenker: "Re: Discovering hosts behind NAT"
Reply: Max Vision: "Re: Cybercop scanner returning false positive? IPP overflow on IIS4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have a question regarding the behavior of module 10091 (newly released in
update 5.5-200106?) in Cybercop 5.5 on NT4.

While scanning a group of IIS4.0 servers in one environment, this module, which
checks for the IIS IPP ISAPI extension buffer overflow of Microsoft bulletin
<http://www.microsoft.com/technet/security/bulletin/MS01-023.asp> returns
positive. According to the bulletin and my understanding of the vulnerability,
it affects IIS5.0 only.
Scanning IIS4.0 servers in a different environment returns no results for this
module, ie. false.

I haven't yet contacted NAI, I was wondering if anyone has seen similar
results...

Thanks,

Colin

Next message: Ryan Russell: "Re: pen-testing cisco routers"
Previous message: Wolfgang Zenker: "Re: Discovering hosts behind NAT"
Reply: Max Vision: "Re: Cybercop scanner returning false positive? IPP overflow on IIS4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 25 2001 - 11:53:58 PDT