Re: MS99-027 - New IIS problem?

From: Jason binger (cisspstudyat_private)
Date: Sat Jul 13 2002 - 16:51:25 PDT

Next message: chris: "OpenSSH (version < 3.4p1) && linux"

Previous message: Joshua Levitsky: "Re: Scanning for blank admin passwords on a windows box"
In reply to: Tom Fischer: "Re: MS99-027 - New IIS problem?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes this is the exact same issue that I posted a few
days before they posted their advisory.

I guess these days its not who finds the bug that gets
the credit. It is the person that types up an advisory
first =]

I notified Microsoft of this issue on the 8th of July.
The reason I notified the penetration testing list and
not bugtraq, was that I wanted some people to confirm
the issue in case it was something specific to the
system I was testing in the way it was patched etc...

Jason



--- Tom Fischer <Tom.Fischerat_private-stuttgart.de>
wrote:
> Hi,
> 
> On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason
> wrote:
> > I was recently doing a penetration test and
> noticed a problem with the 
> > SMTP component of their web server that allowed me
> to relay mail using an 
> > old SMTP encapsulation problem.
> 
> is this the same problem mentioned in the
> "Portcullis Security Advisory -
> IIS Microsoft SMTP Service Encapsulated SMTP Address
> Vulnerability"?
>
(http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html)
> 
> -- 
> Tom Fischer                             
> Tom.Fischerat_private-stuttgart.de
> RUS-CERT University of Stuttgart       Tel:+49 711
> 685-8076 / -5898 (fax)
> Allmandring 30, D-70550 Stuttgart          
> http://cert.uni-stuttgart.de/
> 
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA
> service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
> 
> 
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: chris: "OpenSSH (version < 3.4p1) && linux"
Previous message: Joshua Levitsky: "Re: Scanning for blank admin passwords on a windows box"
In reply to: Tom Fischer: "Re: MS99-027 - New IIS problem?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 08:55:18 PDT