Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: full disclosure my dear (Microsoft IIS 6.0 Denial of Service)
From: "HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>
Date: Fri, 1 Oct 2010 22:11:31 +0200

Hello list,
looks like this bug is covered by MS10-065 ('IIS Repeated Parameter
Request Denial of Service Vulnerability') as tests by VUPEN have
shown.
from vupen on twitter:
"We analyzed the MS IIS 0day disclosed by @kingcope and we confirmed
that it is NOT a 0D. This is the DoS fixed in MS10-065"
I personally have looked into MS10-065 by binary diffing but was
unaware that the PoC exploits the same bug.
Now at least you can test your server for the bug. Thanks to vupen for
pointing this out.
Regards,
Kingcope

2010/10/1 Benji <me () b3nji com>

geeks - the only ones that could ever possibly care about a DOS.

On Fri, Oct 1, 2010 at 10:23 AM, Jacky Jack <jacksonsmth698 () gmail com> wrote:
Are you trying to Pwn$$$$$ G33ks here?


On Fri, Oct 1, 2010 at 8:41 AM, HI-TECH .
<isowarez.isowarez.isowarez () googlemail com> wrote:
vulnerability description is attached to this email.

/Kingcope

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault