Date: Fri, 1 Oct 2010 22:11:31 +0200
From: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
To: Benji <me@...ji.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: full disclosure my dear (Microsoft IIS 6.0
 Denial of Service)

Hello list,
looks like this bug is covered by MS10-065 ('IIS Repeated Parameter
Request Denial of Service Vulnerability') as tests by VUPEN have
shown.
from vupen on twitter:
"We analyzed the MS IIS 0day disclosed by @kingcope and we confirmed
that it is NOT a 0D. This is the DoS fixed in MS10-065"
I personally have looked into MS10-065 by binary diffing but was
unaware that the PoC exploits the same bug.
Now at least you can test your server for the bug. Thanks to vupen for
pointing this out.
Regards,
Kingcope

2010/10/1 Benji <me@...ji.com>
>
> geeks - the only ones that could ever possibly care about a DOS.
>
> On Fri, Oct 1, 2010 at 10:23 AM, Jacky Jack <jacksonsmth698@...il.com> wrote:
> > Are you trying to Pwn$$$$$ G33ks here?
> >
> >
> > On Fri, Oct 1, 2010 at 8:41 AM, HI-TECH .
> > <isowarez.isowarez.isowarez@...glemail.com> wrote:
> >> vulnerability description is attached to this email.
> >>
> >> /Kingcope
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists