RE: ISAPI and SECUREIIS

["Marc Maiffret" <marc () eeye com>]

When we were researching the .ida exploit we came across this _potential_
bug and we therefore fixed the problem before the Microsoft security
advisory was released.

We also notified all of our customers about the new version of SecureIIS and
that they _needed_ to upgrade to the latest version (at the time that was
1.1) because we updated some of our technologies within SecureIIS.

So in the end people that were using SecureIIS were actually protected from
the .ida vulnerability days before the vulnerability even was released to
any public forum etc...

In the future if you find what you believe to be a bug then I would suggest
contacting us first so that we can give you the needed information (I.E. 3
or so new versions of SecureIIS have been released since 1.0.6) and if there
is a valid problem then we can fix that problem. This however is not an
issue.

Thanks!

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

|---------- Forwarded message ----------
|Date: Wed, 27 Jun 2001 00:56:48 +0200
|From: Crussaider <crussaider () globalnet hr>
|To: bugtraq () securityfocus com
|Subject: ISAPI and SECUREIIS
|
|
|
|        Hi all,
|
|        after some testing I noticed that SecureIIS 1.0.6 does not
|        protect IIS 5.0 from ISAPI DoS attack. In the attachment is
|        isapi-dos2.c and isapi.exe cygwin compilation.
|
|        After attack with this exploit IIS is down. In SecureIIS i
|        have very restrictive polices, but anyway it did not manage to
|        protect it from this kind of attack.
|        To try isapi.exe you must have cygwin1.dll
|
|        Does anyone have similar experience?
|
|
|
|--
|Best regards,
| Crussaider                          mailto:crussaider () globalnet hr
|