Penetration Testing mailing list archives
Re: MS99-027 - New IIS problem?
From: Jason binger <cisspstudy () yahoo com>
Date: Sat, 13 Jul 2002 16:51:25 -0700 (PDT)
Yes this is the exact same issue that I posted a few days before they posted their advisory. I guess these days its not who finds the bug that gets the credit. It is the person that types up an advisory first =] I notified Microsoft of this issue on the 8th of July. The reason I notified the penetration testing list and not bugtraq, was that I wanted some people to confirm the issue in case it was something specific to the system I was testing in the way it was patched etc... Jason --- Tom Fischer <Tom.Fischer () rus uni-stuttgart de> wrote:
Hi, On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason wrote:I was recently doing a penetration test andnoticed a problem with theSMTP component of their web server that allowed meto relay mail using anold SMTP encapsulation problem.is this the same problem mentioned in the "Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability"?
(http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html)
-- Tom Fischer Tom.Fischer () rus uni-stuttgart de RUS-CERT University of Stuttgart Tel:+49 711 685-8076 / -5898 (fax) Allmandring 30, D-70550 Stuttgart http://cert.uni-stuttgart.de/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
__________________________________________________ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- MS99-027 - New IIS problem? Jason (Jul 08)
- Re: MS99-027 - New IIS problem? Tom Fischer (Jul 13)
- Re: MS99-027 - New IIS problem? Jason binger (Jul 15)
- <Possible follow-ups>
- RE: MS99-027 - New IIS problem? Lucas (Jul 11)
- Re: MS99-027 - New IIS problem? Tom Fischer (Jul 13)