Grave "buffer overflow" baco in IIS4...
Maurizio Paolini
paolini a dmf.bs.unicatt.it
Mer 16 Giu 1999 10:05:55 UTC
Posto solo un breve estratto di un documento su un baco di sicurezza
del server web di Microsoft che permette di ottenere accesso "root" sul
90% dei server Web che utilizzano il server Microsoft:
---------------
The Fallout:
Almost 90% of the Windows NT web servers on the Internet are affected by
this hole. Everyone from NASDAQ to the U.S. Army to Microsoft themselves.
No, we did not try it on the above mentioned. But it is easy to verify if a
web server is exploitable without using the exploit. Even a server that's
locked in a guarded room behind a Cisco Pix can be broken into with this
hole. This is a reminder to all software vendors that testing for common
security holes in your software is a must. Demand more from your software
vendors.
---------------
Chi e' interessato al documento intero puo' farmene richiesta.
mp
Maggiori informazioni sulla lista
Lug
|
