A new 0-day exploit has been posted on milworm at http://milw0rm.com/exploits/9541 The new 0-day is for microsoft IIS 5’s (windows 2000) FTP service. Also claimed to work on IIS 6 (windows 2003) with stack cookie protection enabled. Metasploit development is already underway to integrate this new exploit.
Archive for the ‘Exploits’ Category
Remote DOS for Bind in circulation
Tuesday, July 28th, 2009New remote DOS for ISC BIND (DNS) just announced:
https://www.isc.org/node/474
securityfocus has a poc:
http://downloads.securityfocus.com/vulnerabilities/exploits/35848.txt
if i got all my bits straight this should drop and log those packets in a cisco asa firewall:
policy-map type inspect dns preset_dns_map
match header-flag eq 0×2800
drop log