Re: FW: Footprints of ASP ISAPI filter buffer overflows

[dullien () gmx de]

Hey all,

> > Has anybody a copy of some log files that contain such for general review
> > by the community?
> >
> > A customer was vulnerable to this attack and I would like to find out if
> > he was compromised.

I don't have logs, sorry, but to be honest the probability of him
being compromised by this are rather low -- there's no reliable
exploit for these bugs yet, and at least the eeye-bug is a bit dodgy
to exploit reliably without knowing the remote SP-number or accurately
guessing the thread number.

What is going to be an interesting combination on vulnerable systems i
the combination of the ASP bugs with ElicZ's DebPloit bug -- that
looks good enough to fashion the ASP bugs into remote SYSTEM
compromises.

Cheers,
dullien () gmx de


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com