WebDAV Buffer Overflow Attack Compromises IIS 5.0

← Back to Stories (view on slashdot.org)

WebDAV Buffer Overflow Attack Compromises IIS 5.0

Posted by timothy on Monday March 17, 2003 @09:50AM from the what-this-old-thing dept.

rf0 writes "Well CERT is reporting a new overflow attack for IIS 5.0. Microsoft has released a bulletin. Better download those patches and fix another security hole." According to this CNET story, Microsoft says that this is already being exploited, at the very least since last Wednesday.

3 of 367 comments (clear)

Min score:

Reason:

Sort:

Re:Why use IIS? by Len · 2003-03-17 10:10 · Score: 3, Flamebait

Would you also send them the list of Apache security alerts? Or is that too much truth for you?
OK, so how about by The+Bungi · 2003-03-17 10:28 · Score: 1, Flamebait

... that Samba security hole that didn't make it to the front page? And that mySQL vulnerability a few weeks ago? And all the others that are not Microsoft products?
It seems open source bugs/ exploits/ vulnerabilities are always conveniently buried somewhere other than on the front page.
Not to say Microsoft software is secure, but hey. "Fair and balanced" never was part of the /. motto.
1. Re:OK, so how about by The+Bungi · 2003-03-17 10:57 · Score: 1, Flamebait
  
  Um, because the number of internet-exploitable IIS 5 systems outnumbers the number of internet-exploitable MySQL and Samba systems by a factor of at least 100 to 1?
  Uh, so what? Isn't this supposed to be an anti-Microsoft and pro-open source gig? If everyone who reads Slashdot is an open source advocate/ zealot/ freak then why bother? Everyone here runs Linux and Samba and Apache and KDE and all that, no? Wouldn't it make more sense to put the other stories on the front page and relegate these to the 'Micro$oft' section? (hey, there's an idea).
  OTOH, if you use Windows and you're getting your security bulletins from Slashdot, well...