Yes this is the exact same issue that I posted a few days before they posted their advisory. I guess these days its not who finds the bug that gets the credit. It is the person that types up an advisory first =] I notified Microsoft of this issue on the 8th of July. The reason I notified the penetration testing list and not bugtraq, was that I wanted some people to confirm the issue in case it was something specific to the system I was testing in the way it was patched etc... Jason --- Tom Fischer <Tom.Fischerat_private-stuttgart.de> wrote: > Hi, > > On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason > wrote: > > I was recently doing a penetration test and > noticed a problem with the > > SMTP component of their web server that allowed me > to relay mail using an > > old SMTP encapsulation problem. > > is this the same problem mentioned in the > "Portcullis Security Advisory - > IIS Microsoft SMTP Service Encapsulated SMTP Address > Vulnerability"? > (http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html) > > -- > Tom Fischer > Tom.Fischerat_private-stuttgart.de > RUS-CERT University of Stuttgart Tel:+49 711 > 685-8076 / -5898 (fax) > Allmandring 30, D-70550 Stuttgart > http://cert.uni-stuttgart.de/ > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA > service which > automatically alerts you to the latest security > vulnerabilities please see: > https://alerts.securityfocus.com/ > > > __________________________________________________ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 08:55:18 PDT