Penetration Testing mailing list archives

Re: [PEN-TEST] ISS not detecting unicode bug??


From: "Covington, James (ISS California)" <JCovington () ISS NET>
Date: Thu, 16 Nov 2000 12:09:56 -0500

John,

Can you tell me how you know the hole exists?  And I've got to ask the
obvious... are you sure nothing was changed on the server before the ISS scan?


-Jim

================================================
James Covington
Senior Security Consultant
Phone: 619.462.6625
Cell:  619.666.9191

Internet Security Systems - The Power to Protect
================================================

-----Original Message-----
From: John Doe [mailto:j_d0e () EMAIL COM]
Sent: Wednesday, November 15, 2000 6:07 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] ISS not detecting unicode bug??


I am trying to use ISS v6.1 with the latest vulnerability update (downloaded
yesterday) which includes a check for the following:

IIS UNICODE translation error allows remote command execution
Risk Level: High
Check or Attack Name: IisUnicodeTranslation

I had to explicitly modify the L5 NT/IIS policy to check for this vuln. and
I can see that it was checked for in the scan history, however it did not
reveal the presence of the hole.

The problem is, the hole exists and it didn't detect it. I feel that either
I am doing something wrong, or the software isn't working properly. I am
concerned that using this tool to perform scans is going to leave me
misinformed.

Comments/suggestions are appreciated...thanks!

