lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F1CB33D.2070809@brvenik.com>
From: security at brvenik.com (Jason)
Subject: IIS/Outlook Web Access..

This being full disclosure and all...

I am interested in what exactly Outlook 2003 does that causes IIS so 
much issue? My gutt answers in ( )s.

Can this be replicated without Outlook 2003? ( probably )
Can this be done with or without a user account? ( users only )
Is this only a DOS for servers with OWA running? ( probably )
Is it just a DOS or a lurking exploitable condition? ( DOS )
Is it a persistent DOS against IIS and OWA or does a restart resolve it? 
( restart )
Is it reliably reproducible or dependent on an obscure configuration 
option? ( reliable )

If you can provide these details then I think the list would be 
interested. Otherwise you may be better off going to one of the more 
Exchange / MS focused lists for bug sympathy/help.


LaRose, Dallas wrote:

>-----Original Message-----
>From: Christopher F. Herot [mailto:cherot@...liedmessaging.com] 
>Maybe you should upgrade from Exchange 5.5 to 2000.  We have had people
>using Outlook 2003 client and OWA with Exchange 2000 for several months
>without incident.
>
>==========
>
>Although I'll recognize that an upgrade to E2K is prudent and may resolve
>the issue, a problem in a product that is still in use should be recognized
>and documented.
>
>Although my company is interested in upgrading to both Outlook 2003 and
>Exchange 2K+, the upgrade to Outlook 2003 will likely come first due to
>complexities in the Exchange upgrade.  I think it's fair to test the
>combination of Outlook 2003 and Exchange 5.5 OWA, and I'm interested to know
>the results.
>
>Does Microsoft have a Q article that acknowledges the issue?
>
>Dallas LaRose
>Senior Network Engineer
>S2 Systems, Inc.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ