[21628] in bugtraq
RE: IIS5 .idq exploit
daemon@ATHENA.MIT.EDU (Marc Maiffret)
Thu Jul 19 01:01:41 2001
From: "Marc Maiffret" <marc@eeye.com>
To: "Jason Staples - CNW" <ellis@cnw.com>, <bugtraq@securityfocus.com>
Date: Wed, 18 Jul 2001 21:47:06 -0700
Message-ID: <EIEOJCKGEPCLJHGCNNOPKEFAEAAA.marc@eeye.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <Pine.GSO.3.96.1010718180853.9892B-200000@baker.cnw.com>
SANS is a bit behind the curve if they have just announced this today as
this has been around for a few weeks now. First on some geocities website,
then on packetstorm, then finally on the win2ksec mailing list (and a few
others).
As a side note... a few people have confused the .ida worm with hsj's
exploit... hsj's exploit is _not_ a worm. Just wanted to clear that up for
the handful of people I have seen misreporting things.
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
|-----Original Message-----
|From: Jason Staples - CNW [mailto:ellis@cnw.com]
|Sent: Wednesday, July 18, 2001 6:14 PM
|To: bugtraq@securityfocus.com
|Subject: IIS5 .idq exploit
|
|
|
|SANS accounced its availability today, and after spending a bit of time
|searching, I finally found the new IIS5 exploit.
|
|http://www.geocities.co.jp/MotorCity/5319/iis5idq_exp.txt
|
|Regards,
|Jason
|
|+--------------------------------------+----------------------------+
|| Jason Staples jason@cnw.com | /"\ |
|| Network Engineer Security Analyst | \ / ASCII Ribbon Campaign |
|| | X Against HTML E-Mail |
|| Connect Northwest Internet Services. | / \ <!-- <HTML> --> |
|+--------------------------------------+----------------------------+
|
