Bugtraq mailing list archives
NT IIS 2.0 Bug -- Fix available.
From: Russ.Cooper () RC on ca (Russ)
Date: Tue, 10 Dec 1996 11:26:24 -0500
All, * After Service Pack 1 for Windows NT 4.0 was released, a bug was found in Internet Information Server 2.0 (HTTP, FTP, Gopher server) that would permit someone to easily crash IIS (not NT) via an HTTP command. Yesterday, the information on how to crash IIS was sent out to a variety of mailing lists. The result is that a lot of people have this information in their hands, to do with as they please. * A fix has been made available by Microsoft. This fix is to be included in their next service pack for NT (SP2) which is due out around Dec. 20th. In the meantime, Service Pack 1 has been revised to include this fix and is available via anonymous FTP from; * ftp://ftp.microsoft.com/transfer/outgoing/bussys/mail/sp1a.zip * I strongly recommend that any NT 4.0 IIS site, which is exposed to untrusted networks, should review and apply the above service pack as soon as possible. * Cheers, Russ R.C. Consulting, Inc. - NT/Internet Security Consulting mailto:Russ.Cooper () RC on ca <-- *note the new address* Cheers, Russ R.C. Consulting, Inc. - NT/Internet Security Consulting mailto:Russ.Cooper () RC on ca <-- *note the new address*
Current thread:
- NT IIS 2.0 Bug -- Fix available. Russ (Dec 10)