New IIS security hole?

From: Diethorn, Robert - MBDC (Rob.Diethorn_at_MBDC.COM)
Date: 09/03/03

    Date:         Wed, 3 Sep 2003 11:37:46 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

            Russ,

            I thought the list would be very interested in recent happenings at
    my ISP, as they seem to point to a new security hole in IIS 5 on Win2k
    Servers.
            As of yesterday afternoon (Tuesday, September 2), I noticed that
    index pages on sites I host at a nationally-known hosting provider began to
    produce some errors and unanticipated behavior. Upon further investigation,
    and a call to my provider, I discovered that the servers in question add a
    single iframe tag as a footer when serving certain pages via HTTP. This
    footer points to an ASP script hosted elsewhere. (Unfortunately, I was not
    able to pull down a copy of the script before my provider axed it.)
            Note that this code has not been added to the source of the pages
    themselves: it is simply served as an additional tag when the server
    fulfills HTTP requests.
            IMHO, this is an extremely serious issue. To their credit, my ISP is
    working with Microsoft to produce a patch for this issue, though as of this
    writing I still have no ETA for installation of the forthcoming patch.

            Rob
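
A defender's check for the behaviour reported above, as an added example that is not part of the original post: it compares a static page's on-disk source with the body the server returned and reports iframe tags that exist only in the response. The function names, sample HTML, host name and address are constructed for illustration, and it assumes static pages (a dynamic page needs a known-good rendering as the baseline).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Records the src attribute of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def iframe_sources(html):
    collector = IframeCollector()
    collector.feed(html)
    collector.close()
    return collector.sources


def served_only_iframes(source_html, served_html, site_host):
    """Report iframes in the HTTP response that the file on disk does not contain."""
    source_html = source_html.replace("\r\n", "\n").rstrip()
    served_html = served_html.replace("\r\n", "\n")
    # Text the server added after the unmodified source, if the response starts with it.
    tail = served_html[len(source_html):] if served_html.startswith(source_html) else ""
    unmatched = iframe_sources(source_html)
    findings = []
    for src in iframe_sources(served_html):
        if src in unmatched:
            unmatched.remove(src)  # this iframe is in the author's own file
            continue
        host = urlparse(src).hostname
        findings.append({
            "src": src,
            "external": host is not None and host.lower() != site_host.lower(),
            "appended_as_footer": bool(src) and src in tail,
        })
    return findings


# Constructed sample data: a static page and a response with one extra tag appended.
SOURCE = '<html><body><h1>Welcome</h1><iframe src="/news.html"></iframe></body></html>\n'
SERVED = SOURCE + '<iframe src="http://203.0.113.10/footer.asp" width="0" height="0"></iframe>'

if __name__ == "__main__":
    for finding in served_only_iframes(SOURCE, SERVED, "www.example.com"):
        print(finding)
```

Run against each hosted page on a schedule, any finding with `external` set means the response differs from the file on disk in the way the post describes.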


