Bugtraq mailing list archives
bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vu lnerability
From: kquest () toplayer com
Date: Wed, 18 Feb 2004 10:02:49 -0500
This is not an unspecified remote DoS. This is related to the vulnerabilities discovered by EEYE. The reason the exploit caused a DoS is because the OpenSSL vulnerabilities and vulnerabilities discovered by EEYE overlap. They both have a length integer overflow. I actually believe that EEYE discovered their vulnerabilities right after the OpenSSL vulnerabilities came out. They ran their PoC code against IIS and discovered a DoS (just like this bid reports). Then they dug a bit deeper and now we have those multiple MS ASN.1 vulnerabilities that everybody is talking about. It was pretty much a no brainer for them. Kyle
Current thread:
- bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vu lnerability kquest (Feb 18)