LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author]

  From: Phil Pittard <vk5ham@seol.net.au>
  To  : linuxsa@linuxsa.org.au
  Date: Tue, 28 Sep 1999 14:31:02 +0930

NT is really SECURE ;) YEH right!!

Re the WINDOZE is WONDERFUL thread -  who else knows abt this ?!?! The
comments abt IIS reminded me!!!
I wonder whether MS has advised all their customers?????

                 Systems Affected:

                  Internet Information Server 4.0 (IIS4)
                  Microsoft Windows NT 4.0 SP3 Option Pack 4
                  Microsoft Windows NT 4.0 SP4 Option Pack 4
                  Microsoft Windows NT 4.0 SP5 Option Pack 4

                  Advisory Code:
                  AD06081999

                  The Fallout:

                  Almost 90% of the Windows NT web servers on the
Internet are affected by this
                  hole. Even a server that's locked in a guarded room
behind a Cisco Pix can be
                  broken into with this hole. This is a reminder to all
software vendors that testing
                  for common security holes in your software is a must.
Demand more from your
                  software vendors. 

                  The Request. (Well one anyway.)

                  Dear Microsoft,

                  One of the things that we found out is that IIS did
not log any trace of our
                  attempted hack. We recommend that you pass all server
requests to the logging
                  service before passing it to any ISAPI filters
etc...The logging service should be, as
                  named, an actual service running in a separate memory
space so that when inetinfo
                  goes down intrusion signatures are still logged. 

                  Fixes:

                      1.Remove the extension .HTR from the ISAPI DLL
list. Microsoft has just
                         updated their checklist to include this interim
fix.
                      2.Apply the patch supplied by Microsoft when
available.

                  Vendor Status:

                  We contacted Microsoft on June 8th 1999, eEye Digital
Security Team provided all
                  information needed to reproduce the exploit. and how
to fix it. Microsoft security
                  team did confirm the exploit and are releasing a patch
for IIS.

IF you want to read the full story : 
http://www.eeye.com/database/advisories/ad06081999/ad06081999.html

Phil

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author]

Return to the LinuxSA Mailing List Information Page