Re: Microsoft IIS security hole persists despite available patch

[InfoSec News <isn () C4I ORG>]

Forwarded by: Marc <marc () eeye com>

I am guessing the exploit in question was IISHack which we released last
year on June 15th. http://www.wired.com/news/technology/0,1282,20231,00.html

"which allows anyone with a Web browser to gain admin-level access to a
server" thats wrong as anyone, with half a technical brain, would know.

| The hole enables an unauthorised visitor to determine what version of
| NT is running, and to see or easily guess file and directory locations
| with a mind towards further exploitation of the site.

Some more technical inaccuracies.

| On an e-commerce site with a shopping cart application running,
| the flaw can make it easy to compromise consumers' account details.

Add on some fear factor and you have your self an article to make your 1
article a week deadline.

Pitiful reporting but yes there still are many sites vulnerable over a year
later.

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.675.8160
F.949.675.8191
http://www.eEye.com


| -----Original Message-----
| From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of
| InfoSec News
| Sent: Wednesday, July 05, 2000 7:04 AM
| To: ISN () SECURITYFOCUS COM
| Subject: [ISN] Microsoft IIS security hole persists despite available
| patch
|
|
| http://www.theregister.co.uk/content/6/11782.html
|
| By: Thomas C Greene in Washington
| Posted: 05/07/2000 at 17:06 GMT
|
| An old and subsequently well-publicised flaw in Microsoft Internet
| Information Server (IIS), which allows anyone with a Web browser to
| gain admin-level access to a server, continues to plague many sites in
| spite of the availability patches to correct it.
|
| The flaw first became news just over a year ago with a flurry of
| advisories posted on numerous news sites, and Microsoft did respond
| and issue a patch. Wired, for example, ran their coverage on 15 June
| of last year.
|
| However, as one of The Register's sharp-eyed readers has discovered
| and brought to our attention, putting the word out and issuing a patch
| hardly guarantees that anyone will bother to install it.
|
| The hole enables an unauthorised visitor to determine what version of
| NT is running, and to see or easily guess file and directory locations
| with a mind towards further exploitation of the site. On an e-commerce
| site with a shopping cart application running, the flaw can make it
| easy to compromise consumers' account details.
|
| Among the more high-profile sites reported to be running the product
| in a still-unpatched version are Safeway, IKEA and Tower Records.
| Undoubtedly many thousands of less-known sites are as well. The
| Register has confirmed the hole in the instances mentioned above, but
| for obvious reasons we're not describing the exploit in detail.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".