lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090527195150.GA15167@dcent.unixwiz.lan>
Date: Wed, 27 May 2009 12:51:50 -0700
From: Steve Friedl <steve@...xwiz.net>
To: bugtraq@...urityfocus.com
Subject: New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln

Hello all,

There has been a fair amount written on the vulnerability itself, but
there's a large cohort who has no idea if their systems are at risk
("What is WebDAV, and how do I know if I have or need it???").

So I've written a paper that lets one self-assess to see if this is
an issue or not, mainly with a flowchart the gets to a not-vulnerable
place reliably.

   Unixwiz.net Tech Tip: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability 
   http://unixwiz.net/techtips/ms971492-webdav-vuln.html

Those who find WebDAV enabled still have to find local experts to help
figure out if they have a problem or not, but this should help the bulk
of users who are not at risk.

I hope this is helpful.

Steve

-- 
Stephen J Friedl  | Security Consultant |  UNIX Wizard  | 714 694-0494
steve@...xwiz.net | Orange County, CA   | Microsoft MVP |  unixwiz.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ