[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Thanks to a hint by "Petar" on the G-SEC blog  it appears
that the very same bug was present in IIS3 and IIS4 and discovered
by eeye in 1999 :
"Microsoft IIS (Internet Information Server) FTP service contains a
buffer overflow in the NLST command. This could be used to DoS a remote
machine and in some cases execute code remotely."
Is this the same bug andwas the bug re-introduced ? Has Microsoft
fixed LS but not NLST? "svn" mishap ?
Maybe Mudge and/or Dildog can comment - would certainly be interesting
to know whether and if HOW this bug was reintroduced.