lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Feb 2004 10:02:49 -0500 From: kquest@...layer.com To: bugtraq@...urityfocus.com Subject: bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vu lnerability This is not an unspecified remote DoS. This is related to the vulnerabilities discovered by EEYE. The reason the exploit caused a DoS is because the OpenSSL vulnerabilities and vulnerabilities discovered by EEYE overlap. They both have a length integer overflow. I actually believe that EEYE discovered their vulnerabilities right after the OpenSSL vulnerabilities came out. They ran their PoC code against IIS and discovered a DoS (just like this bid reports). Then they dug a bit deeper and now we have those multiple MS ASN.1 vulnerabilities that everybody is talking about. It was pretty much a no brainer for them. Kyle
Powered by blists - more mailing lists