[10832] in bugtraq


Update to IIS hole.

daemon@ATHENA.MIT.EDU (Marc)
Wed Jun 16 14:38:53 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <02e701beb7e7$5aeb96f0$abd40018@CORE.EEYE>
Date: 	Wed, 16 Jun 1999 10:59:38 -0000
Reply-To: Marc <Marc@EEYE.COM>
From: Marc <Marc@EEYE.COM>
To: BUGTRAQ@NETSPACE.ORG

Hi,

We have been receiving some eMails from people saying that the iishack.exe
on our website is not working for them and is just crashing the remote
server. Here is what we know and do not know etc.

We have tested it on the English version of NT4.0, with IIS4.0, Service Pack
4 and 5.
We have had some people eMail us that they have this configuration and it is
not working... This very well could be possible that the offset we are using
is not working for some dll's and such... people might have a different
version and what not. For this case we *might* release a second exploit that
uses a better offset that should work on all nt4.0 iis4.0 sp4 and sp5
machines but honestly it is not that big of a deal to us. The hole is there,
and is exploitable and other people have been writing exploits for it also.

We do know that our exploit probably does not work on sp3 because of the
offset we use... we have gotten a few eMails about this and we never did
test nor claim it worked on sp3 but we *might* in our second version of the
exploit find an offset that works for sp3 also.

I honestly think this post is in some ways pointless but maybe it will help
to cut back some of the eMails we are getting about the above information.

Thank you to everyone who has been helping out.

Signed,
Marc
eEye Digital Security Team
http://www.eEye.com

P.S.
Jump on over to technotronic.com for some good information and other
exploits and such.
