Microsoft Internet Information Server ftpd zeroday
Hi to everybody !
Renowned security researcher "Kingcope" published a recent zero-day vulnerability (i.e. no patch and unknown at the time of publication) affecting Microsoft IIS 5 and IIS 6. Functional exploit code exists for IIS 5 / 5.1; no functional exploit code is known to exist for IIS 6.
Code execution is possible on IIS5/5.1 if write access is granted; DoS is possible on both IIS5 and IIS6. Note: there is an improbable condition that may allow code execution on IIS5/5.1 even if write access is not granted. The condition is that a directory is present that has certain characters in it and has a certain length.
Microsoft advisory : http://www.microsoft.com/technet/security/advisory/975191.mspx
Exploit code : http://milw0rm.com/exploits/9541
SNORT signature update : http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-09-01.html
Nmap detect host scan : http://blog.rootshell.be/2009/09/01/detecting-vulnerable-iis-ftp-hosts-u...


