As far as I can see, the two scripts

iis_ida_isapi.nasl
iis_isapi_overflow.nasl

are testing for the same vulnerability.

In iis_ida_isapi.nasl the test is for the URL

/NULL.ida

while in iis_isapi_overflow.nasl the test is for the URL

/x.ida?xxxxxxxxx .... xxxx

The first test is the same as the exploit in

http://downloads.securityfocus.com/vulnerabilities/exploits/isapi-dos2.c

and the second is the same as the exploits in

http://downloads.securityfocus.com/vulnerabilities/exploits/iis5idq_exp.txt
http://downloads.securityfocus.com/vulnerabilities/exploits/idanastyexploit.txt

All of these exploits are referenced from

http://www.securityfocus.com/bid/2880/exploit/

The first script (iis_ida_isapi.nasl) references BID 2880. In contrast, the second script (iis_isapi_overflow.nasl) references BID 2690, 3190, 3194, 3195. None of these Bugtraq vulnerabilities makes any reference to a URL with the extension .ida.

Similarly, none of the referenced CVEs

CVE-2001-0544, CVE-2001-0545, CVE-2001-0506, CVE-2001-0507, CVE-2001-0508, CVE-2001-0500

include a .ida URL.

Thus, it appears that iis_isapi_overflow.nasl is merely a duplication of iis_ida_isapi.nasl. However, iis_isapi_overflow.nasl has the wrong BID and CVE references.

I believe that iis_isapi_overflow.nasl should be removed. Its description is wrong, its references are wrong and it is a duplication of iis_ida_isapi.nasl.

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2b30 : Wed Feb 25 2004 - 23:15:02 PST