Discrepancies in downloads of MS02-018

From: Kirk Anderson (KirkA@WELLMED.COM)
Date: 04/11/02


Date:         Thu, 11 Apr 2002 10:19:27 -0700
From: Kirk Anderson <KirkA@WELLMED.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Downloading MS02-018 (the new IIS security rollup patch addressed in
Q319733) from Microsoft's "Windows Update" website yields a different patch
than the one that can be downloaded directly from the Q article page located
at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q319733

Downloading from "Windows Update" will get you version 5.0.2195.4624 of
ftpmib.dll
Downloading from the Q article will get you version 5.0.2195.5255 of
ftpmib.dll

Consequently if you attempt to apply this patch via "Windows Update",
hfnetchk will consider the patch not found.

I have notified MS of the discrepancy.

-----Original Message-----
From: Pat Hennessy [mailto:path@HOPI.DTCC.EDU]
Sent: Wednesday, April 10, 2002 11:09 AM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: solution: MS02-015 (Q319182) breaks intranet cookies

The underscore character should not be used in dns names in the first
place.

From page one of RFC 952...

http://www.ietf.org/rfc/rfc0952.txt?number=952

<quote>
A "name" (Net, Host, Gateway, or Domain name) is a text string up
to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus
sign (-), and period (.).
</quote>

For additional information about host names and numbers, see page twelve
of RFC 1123.

http://www.ietf.org/rfc/rfc1123.txt?number=1123

On Wed, 10 Apr 2002, Strele Franz wrote:

> Date: Wed, 10 Apr 2002 14:22:26 +0200
> From: Strele Franz <Franz.Strele@SYNERGIS.AT>
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: solution: MS02-015 (Q319182) breaks intranet cookies
>
> hi russ,
>
> we got a lot of mails with the solution to our problem with cookies. thanks
> a lot to everyone!
>
> it seems that a server name with an underscore (like "my_server") is causing
> this kind of trouble...
>
> quoting Q312461 (ms01-55, which is included in q319182):
> "This patch requires that domains that use cookies MUST only have
> alpha-numeric characters (or '-' or '.') in the domain name. If they do not,
> cookies may not work properly."
>
> see Q312461 for details...
>
>
> we still get a lot of mails asking for a solution. so i thought it would be
> best to post this to ntbugtraq, maybe it helps someone...
>
>
> thanks,
> franz
>
>

--
><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Pat Hennessy                    (path@hopi.dtcc.edu)

Computer Services - Systems Support
Delaware Technical and Community College
><><><><><><><><><><><><><><><><><><><><><><><><><><><><
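
The character rule quoted in the thread (letters, digits, '-' and '.') can be checked across a server inventory before a cookie-affecting patch is rolled out. The following is an added example, not code from any of the posters or from Microsoft; the function names and the sample inventory are hypothetical, and it assumes the RFC 1123 relaxation that a label may begin with a digit plus the 63-character DNS label limit.

```python
import re

# Characters permitted by RFC 952 and by the Q312461 text quoted in the thread.
ALLOWED = re.compile(r"[A-Za-z0-9.-]")
MAX_LABEL = 63  # DNS label length limit (RFC 1035); an assumption beyond the thread


def check_hostname(name):
    """Return a list of problems found in `name`; an empty list means it passes."""
    problems = []
    # Report each offending character once, so '_' shows up explicitly.
    bad = sorted({ch for ch in name if not ALLOWED.fullmatch(ch)})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    # A single trailing dot (fully qualified form) is tolerated.
    for label in name.rstrip(".").split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > MAX_LABEL:
            problems.append(f"label longer than {MAX_LABEL} characters: {label[:16]}...")
        elif label[0] == "-" or label[-1] == "-":
            problems.append(f"label starts or ends with '-': {label}")
    return problems


def audit(names):
    """Map each failing name to its problems; passing names are omitted."""
    report = {}
    for n in names:
        found = check_hostname(n)
        if found:
            report[n] = found
    return report


# Constructed sample inventory. Only "my_server" comes from the thread;
# the other names are made up for illustration.
SAMPLE = ["my_server", "intranet.example.com", "web-01",
          "-edge.example.com", "3com.example.com"]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```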


