Re: Fw: New vulnerability in IIS4.0/5.0

From: John Q. Public (tpublicat_private)
Date: Wed Sep 19 2001 - 10:19:04 PDT

  • Next message: Alan Pitts: "tftp plugin bug"

    Of course this doesn't actually test for the presence of Nimda, nor does it
    successfully prove vulnerability, since it is rumored to travel via email and
    obviously is being served by infected http servers.
    I've seen hosts that are pecking at my door that do not have IIS running,
    but it was pretty clear by the file shares and the number of .eml files
    that it wasn't feeling well.
    On Wed, 19 Sep 2001, Renaud Deraison wrote:
    |On Wed, Sep 19, 2001 at 06:29:19PM +0200, Felix Huber wrote:
    |> I just wrote a NASL for this Bug. Its untested but I hope it works.
    |> The problem was I found no IIS where I could reproduce this error ( I testet
    |> five IIS 4 and IIS 5 Boxes ).
    |> I will improve it when i found a working Box ...
    |I think it would be wiser to re-use iis_dir_traversal.nasl, which was
    |heavily worked on and which does not only check for /scripts.
    |Attached is a modified version of it (but I don't know if it works or
    |not, I could not reproduce the flaw yet).
    |				-- Renaud

    This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 10:19:30 PDT