Bugtraq mailing list archives
Re: Fwd: Information on MS99-022
From: Marc () EEYE COM (Marc)
Date: Sat, 3 Jul 1999 22:39:28 -0000
I am glad this thread is now on bugtraq since Russ Cooper filters my posts to NTBugtraq.

People should not have to pay for "full disclosure" of MS advisories. However, it probably does not surprise most that MS would hook up with another company to do such a thing. Also, it seems that MS thinks it is a "safe idea" to just give the full details to the ICSA so that way the wrong people do not get full details about it. However, as was pointed out by someone on NTBugtraq, there are always a few bad eggs that will leak out the information. So why make it a pain in the ass for the security community to get full details when the details will get out anyway? Either do not give any details to anyone or give them to everyone.

We at eEye are hopefully going to start "re-releasing" Microsoft's advisories with full details. We however are hard pressed for time around here so if anyone wants to help out to figure out all the details about future MS advisories and write demonstration code etc, drop me an eMail.

Signed,
Marc
eEye Digital Security Team
http://www.eEye.com

-----Original Message-----
From: Vanja Hrustic <vanja () SIAMRELAY COM>
To: BUGTRAQ () NETSPACE ORG <BUGTRAQ () NETSPACE ORG>
Date: Saturday, July 03, 1999 9:40 PM
Subject: Fwd: Information on MS99-022

|I haven't seen this on the Bugtraq, but it's very interesting...
|
|--
|>Wanted to advise that we are making information available regarding the
|>technical details involved in the "Double Byte Code Page" vulnerability
|>(http://www.microsoft.com/security/bulletins/ms99-022.asp). We've provided
|>a full description to the ICSA, for dissemination within their Intrusion
|>Detection Consortium. This will allow security vendors to have access to
|>the information that they need to develop scanning tools that will check for
|>this attack. However, we are not planning to do a general release of the
|>information. If you are running IIS 3.0 or 4.0 on a server whose default
|>language is set to Chinese, Japanese, or Korean, you should apply the patch.
|>
|>Cheers,
|>
|>Secure () microsoft com
|--
|
|So, if I have my custom-developed IDS running, I won't be able to implement
|a pattern for this, because I am not a member of 'Intrusion Detection
|Consortium'?
|
|Note the words...
|
|"This will allow security vendors to have access to the information..." -
|why only security vendors? What better they are than Bugtraq folks?
|
|"Security through obscurity" comes to mind...
|
|Vanja
|