lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTik8mqt8CkVLaZGQaNCqj2GMahyiZRa3VSAy1SGH@mail.gmail.com>
Date: Fri, 1 Oct 2010 22:11:31 +0200
From: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
To: Benji <me@...ji.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: full disclosure my dear (Microsoft IIS 6.0
 Denial of Service)

Hello list,
looks like this bug is covered by MS10-065 ('IIS Repeated Parameter
Request Denial of Service Vulnerability') as tests by VUPEN have
shown.
from vupen on twitter:
"We analyzed the MS IIS 0day disclosed by @kingcope and we confirmed
that it is NOT a 0D. This is the DoS fixed in MS10-065"
I personally have looked into MS10-065 by binary diffing but was
unaware that the PoC exploits the same bug.
Now at least you can test your server for the bug. Thanks to vupen for
pointing this out.
Regards,
Kingcope

2010/10/1 Benji <me@...ji.com>
>
> geeks - the only ones that could ever possibly care about a DOS.
>
> On Fri, Oct 1, 2010 at 10:23 AM, Jacky Jack <jacksonsmth698@...il.com> wrote:
> > Are you trying to Pwn$$$$$ G33ks here?
> >
> >
> > On Fri, Oct 1, 2010 at 8:41 AM, HI-TECH .
> > <isowarez.isowarez.isowarez@...glemail.com> wrote:
> >> vulnerability description is attached to this email.
> >>
> >> /Kingcope
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ