Re: IIS

From: miguel.dilajat_private
Date: Wed Oct 24 2001 - 03:56:11 PDT

Next message: Garreth Jeremiah/Markham/IBM: "Re: IIS : access to cmd.exe and multiple commands on one line"

Previous message: Daniel Polombo: "Re: IIS : access to cmd.exe and multiple commands on one line"
Maybe in reply to: Leandro Malaquias: "IIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all

Little intro: I'm new to the list. I'm a Linux and IT security instructor
and consultant in Argentina, doing penetration testing as part of the job.

Some time ago somebody discussed this point on BugTraq. It seems that
applying SP2 causes inconsistency due to some DLLs being downgraded (i.e.
SP2 was badly built). People in BT suggested to do a full backup before
applying SP2, and then restore the newest DLLs from the backup.
Well... it's not the first time M$ did that to us... poor people.
Cheers,

Miguel Dilaj





Leandro Malaquias <wazupat_private> on 23/10/2001 13:42:46

To:   pen-testat_private
cc:
Subject:  IIS


Wazup,

I'm a security analyst for a company here in brazil and I noticed something
odd, so I was wondering if anyone else had this problem aswell and how was
it
solved.
The company I work for were running IIS 5.0 SP1 with all patches applied
(all
3 billion of them hahaaha)
And everything was running smoothly untill they decided to install SP2.
At first all I noticed was that some patches were removed, so I told them
to
re-apply those patches missing.
The wierd thing was that when they tried to apply the missing patches a pop
up error message came up saying that they were not allowed to install
patches
before the SP2.
I've contacted microsoft but the reply was "READ TECHNET" (in other words
they didn't have a clue on what to do).

BY D WAY MICROSOFT I DIDN'T FIND A THING ABOUT THIS PROBLEM IN TECHNET.

So people beware...

The main vulnerabilities that I found after they installed SP2 were:

-Shtml.exe Denial of Service
-Internet Printing Buffer Overflow

Peace in the middle east


Leandro Malaquias

----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/






----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Garreth Jeremiah/Markham/IBM: "Re: IIS : access to cmd.exe and multiple commands on one line"
Previous message: Daniel Polombo: "Re: IIS : access to cmd.exe and multiple commands on one line"
Maybe in reply to: Leandro Malaquias: "IIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 10:08:21 PDT