WebDAV Buffer Overflow Attack Compromises IIS 5.0

← Back to Stories (view on slashdot.org)

WebDAV Buffer Overflow Attack Compromises IIS 5.0

Posted by timothy on Monday March 17, 2003 @09:50AM from the what-this-old-thing dept.

rf0 writes "Well CERT is reporting a new overflow attack for IIS 5.0. Microsoft has released a bulletin. Better download those patches and fix another security hole." According to this CNET story, Microsoft says that this is already being exploited, at the very least since last Wednesday.

7 of 367 comments (clear)

Min score:

Reason:

Sort:

Bah, the Internet by Captain+Beefheart · 2003-03-17 09:54 · Score: 5, Funny

I don't know why anyone uses it anymore. I'm switching back to Morse Code. Who's with me?
1. Re:Bah, the Internet by Anonvmous+Coward · 2003-03-17 10:18 · Score: 5, Funny
  
  "I don't know why anyone uses it anymore. I'm switching back to Morse Code. Who's with me?"
  
  Shut the ..-. up!
  
  =D
Re:Patch? by mrjive · 2003-03-17 09:54 · Score: 5, Funny

More like "every day that ends in -day"

--
If you can't beat them, arrange to have them beaten. -George Carlin
I'd uninstall it but... by OffTheLip · 2003-03-17 09:58 · Score: 5, Funny

I was ready to uninstall IIS when it occured to me that Exchange 2K needs it. I was ready to uninstall Exchange 2K when I realized users would not be able to function. Whew, luckily I came to my senses...
Re:OMG! by NewbieProgrammerMan · 2003-03-17 09:59 · Score: 5, Funny

I hope you don't have a static buffer allocated for those messages, because it'll....ummm...overflow.

--
[b.belong('us') for b in bases if b.owner() == 'you']
Re:Again... by zzxc · 2003-03-17 09:59 · Score: 5, Funny

>Why is the code that the web server has access to
>change allowed to take over the system?

Because it is "trusted".
Re:This is news? by mmol_6453 · 2003-03-17 10:02 · Score: 5, Funny

Between getting rooted and being automatically subject to license agreements, I'd rather get rooted.

--
What's this Submit thingy do?