[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] FrontPage Server Extension Vulnerbility!!!
- Subject: RE: [cobalt-users] FrontPage Server Extension Vulnerbility!!!
- From: Shannon Johnston <sjohnston@xxxxxxxxxxxxxxx>
- Date: Fri Sep 27 13:27:04 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
The problem is that attackers can use the file shtml.dll to cause a heap
overflow in IIS. Since Cobalt appliances run apache, which is not
vulnerable to that heap overflow, they shouldn't be vulnerable.
In otherwords, you can use the extensions to crash IIS. No IIS, no
crash.
Shannon Johnston
Network Security Engineer
Liberty Cavion
On Fri, 2002-09-27 at 13:35, Dan Kriwitsky wrote:
>
> > >They say "Microsoft FrontPage Server Extensions 2000" but since they
> > >didn't offer a download for 2000 Unix, I didn't post it to the list
> > >when I read it the other day on http://news.com.com. Haven't heard
> > >whether it's just an IIS issue.
> >
> >
> > No, they say
> >
> > "Affected Software:
> >
> > Microsoft FrontPage Server Extensions 2000
> > Microsoft FrontPage Server Extensions 2002
> > Microsoft Windows 2000 (shipped FPSE 2000)
> > Microsoft Windows XP (shipped FPSE 2000) "
> >
> > Not just Microsoft FrontPage Server Extensions 2000
> >
>
> But they don't offer a patch or new download on that page for Unix FP
> 2000 which led me to believe it's not affected. The only offer NT4,
> Win2000 and WinXP downloads.
> --
> Dan Kriwitsky
>
> Please reply to the list only. Offlist replies are not read.
>
>
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
--
"Tetris is so unrealistic."