Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

From: Thierry Zoller (ThierryZoller.lu)
Date: Tue Sep 08 2009 - 05:46:40 CDT


Hi Kingcope,

Thanks to a hint by "Petar" on the G-SEC blog [1] it appears
that the very same bug was present in IIS3 and IIS4 and discovered
by eEye in 1999:
http://research.eeye.com/html/advisories/published/AD19990124.html

"Microsoft IIS (Internet Information Server) FTP service contains a
buffer overflow in the NLST command. This could be used to DoS a remote
machine and in some cases execute code remotely."

Is this the same bug and was the bug re-introduced? Has Microsoft
fixed LS but not NLST? "svn" mishap?

Maybe Mudge and/or Dildog can comment - would certainly be interesting
to know whether and if HOW this bug was reintroduced.

[1] http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html

Regards,
Thierry ZOLLER

--
http://blog.zoller.lu
