<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vu lnerability

bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vu lnerability

From: <kquest_at_toplayer.com>
Date: Wed, 18 Feb 2004 10:02:49 -0500

This is not an unspecified remote DoS.
This is related to the vulnerabilities discovered by EEYE.
The reason the exploit caused a DoS is because the OpenSSL
vulnerabilities and vulnerabilities discovered by EEYE overlap.
They both have a length integer overflow. I actually believe that
EEYE discovered their vulnerabilities right after the OpenSSL
vulnerabilities came out. They ran their PoC code against
IIS and discovered a DoS (just like this bid reports). Then they
dug a bit deeper and now we have those multiple MS ASN.1 vulnerabilities
that everybody is talking about. It was pretty much a no brainer for them.

Kyle
Received on Feb 18 2004

This message: [ Message body ]
Next message: Michael Samuel: "Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP"
Previous message: 3APA3A: "Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]