On 03 May 2001 11:12:52 -0700, Florin Andrei wrote:
>
> http://www.microsoft.com/presspass/exec/craig/05-03sharedsource.asp
"The OSS development model [...] has inherent security risks"
In aceeasi zi in care aceste cuvinte au fost date publicitatii de catre
spokesmanul lui Microsoft, iata ce ne aduce Moshu':
http://www.eeye.com/html/Research/Advisories/AD20010501.html
<quote>
Example:
GET /NULL.printer HTTP/1.0
Host: [buffer]
Where [buffer] is aprox. 420 characters.
At this point an attacker has sucessfully caused a buffer overflow
within IIS and has overwritten EIP. Now normally the Web server would
stop responding once you have "buffer overflowed" it.
</quote>
Cu alte cuvinte, avem un nou si proaspat remote exploit pentru Microsoft
IIS, care permite sa faci orice cu masina respectiva. La adresa indicata
veti gasi un exemplu care nu face decit sa creeze un fisier in C:\
continind instructiuni pentru a-ti proteja serverul. :-)
Pornind de la acest exploit public, se poate face unul care sa bindeze
la cmd.exe si sa-ti dea Command Prompt pe remote. :-P
Ar fi interesant sa vedem publicata o astfel de versiune modificata.
Happy hacking.
--
Florin Andrei
"Bloat is not about being big. Bloat is about being slow and stupid and not
realizing that it's because of design mistakes." - Linus Torvalds
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
