Penetration Testing mailing list archives

Re: MS99-027 - New IIS problem?


From: Jason binger <cisspstudy () yahoo com>
Date: Sat, 13 Jul 2002 16:51:25 -0700 (PDT)

Yes, this is the exact same issue that I posted a few
days before they posted their advisory.

I guess these days it's not who finds the bug that gets
the credit. It is the person that types up an advisory
first =]

I notified Microsoft of this issue on the 8th of July.
The reason I notified the penetration testing list and
not bugtraq was that I wanted some people to confirm
the issue in case it was something specific to the
system I was testing in the way it was patched etc...

Jason



--- Tom Fischer <Tom.Fischer () rus uni-stuttgart de> wrote:
> Hi,
>
> On Mon, Jul 08, 2002 at 06:11:49AM -0000, Jason wrote:
> > I was recently doing a penetration test and noticed a problem with the
> > SMTP component of their web server that allowed me to relay mail using an
> > old SMTP encapsulation problem.
>
> Is this the same problem mentioned in the "Portcullis Security Advisory -
> IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability"?
>
> (http://cert.uni-stuttgart.de/archive/bugtraq/2002/07/msg00129.html)
>
> --
> Tom Fischer                             Tom.Fischer () rus uni-stuttgart de
> RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
> Allmandring 30, D-70550 Stuttgart          http://cert.uni-stuttgart.de/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security
Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA
service which
automatically alerts you to the latest security
vulnerabilities please see:
https://alerts.securityfocus.com/
