Re: MS99-027 - New IIS problem?

• Previous message: Paul Craig: "RE: Scanning for blank admin passwords on a windows box"
• In reply to: Jason: "MS99-027 - New IIS problem?"
• Next in thread: Jason binger: "Re: MS99-027 - New IIS problem?"
• Reply: Jason binger: "Re: MS99-027 - New IIS problem?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason wrote:
> I was recently doing a penetration test and noticed a problem with the 
> SMTP component of their web server that allowed me to relay mail using an 
> old SMTP encapsulation problem.

is this the same problem mentioned in the "Portcullis Security Advisory -
IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability"?
(http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html)

-- 
Tom Fischer                              Tom.Fischerat_private-stuttgart.de
RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart           http://cert.uni-stuttgart.de/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Joshua Levitsky: "Re: Scanning for blank admin passwords on a windows box"
• Previous message: Paul Craig: "RE: Scanning for blank admin passwords on a windows box"
• In reply to: Jason: "MS99-027 - New IIS problem?"
• Next in thread: Jason binger: "Re: MS99-027 - New IIS problem?"
• Reply: Jason binger: "Re: MS99-027 - New IIS problem?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jul 13 2002 - 10:26:20 PDT