Re: MS99-027 - New IIS problem?

From: Jason binger (cisspstudy@yahoo.com)
Date: Sat Jul 13 2002 - 19:51:25 EDT

• Next message: chris: "OpenSSH (version < 3.4p1) && linux"
• Previous message: Joshua Levitsky: "Re: Scanning for blank admin passwords on a windows box"
• In reply to: Tom Fischer: "Re: MS99-027 - New IIS problem?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes this is the exact same issue that I posted a few
days before they posted their advisory.

I guess these days its not who finds the bug that gets
the credit. It is the person that types up an advisory
first =]

I notified Microsoft of this issue on the 8th of July.
The reason I notified the penetration testing list and
not bugtraq, was that I wanted some people to confirm
the issue in case it was something specific to the
system I was testing in the way it was patched etc...

Jason

--- Tom Fischer <Tom.Fischer@rus.uni-stuttgart.de>
wrote:
> Hi,
>
> On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason
> wrote:
> > I was recently doing a penetration test and
> noticed a problem with the
> > SMTP component of their web server that allowed me
> to relay mail using an
> > old SMTP encapsulation problem.
>
> is this the same problem mentioned in the
> "Portcullis Security Advisory -
> IIS Microsoft SMTP Service Encapsulated SMTP Address
> Vulnerability"?
>
(http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html)
>
> --
> Tom Fischer
> Tom.Fischer@rus.uni-stuttgart.de
> RUS-CERT University of Stuttgart Tel:+49 711
> 685-8076 / -5898 (fax)
> Allmandring 30, D-70550 Stuttgart
> http://cert.uni-stuttgart.de/
>
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA
> service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>
>

__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: chris: "OpenSSH (version < 3.4p1) && linux"
• Previous message: Joshua Levitsky: "Re: Scanning for blank admin passwords on a windows box"
• In reply to: Tom Fischer: "Re: MS99-027 - New IIS problem?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT