IIS 6.0 AUX.aspx DoS

[c0redump () ackers org uk]

Hi.

I know the old AUX/CON commands are old school, but can someone
confirm/deny kingcope's recent posting about this being a DoS in fully
patched IIS 6 when multiple requests are carried out - "Server is too
busy/Unhandled Exception on the wwwroot (/) path".  I would test but all I
have are production servers.

Ta,

c0redump

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/