Penetration Testing mailing list archives

Re: MS99-027 - New IIS problem?

From: Tom Fischer <Tom.Fischer () rus uni-stuttgart de>
Date: Sat, 13 Jul 2002 18:46:33 +0200

Hi,

On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason wrote:

I was recently doing a penetration test and noticed a problem with the 
SMTP component of their web server that allowed me to relay mail using an 
old SMTP encapsulation problem.


is this the same problem mentioned in the "Portcullis Security Advisory -
IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability"?
(http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html)

-- 
Tom Fischer                              Tom.Fischer () rus uni-stuttgart de
RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart           http://cert.uni-stuttgart.de/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

MS99-027 - New IIS problem? Jason (Jul 08)
- Re: MS99-027 - New IIS problem? Tom Fischer (Jul 13)
  - Re: MS99-027 - New IIS problem? Jason binger (Jul 15)
- <Possible follow-ups>
- RE: MS99-027 - New IIS problem? Lucas (Jul 11)