From: researchteam5esecurityonline.com
Date: Mon Apr 29 2002 - 15:05:58 CDT

    eSO Security Advisory: 3401
    Discovery Date: March 1, 2001
    ID: eSO:3401
    Title: Microsoft Internet Information Server /
                            Exchange 2000 invalid request denial of
                            service vulnerability
    Impact: Remote attackers can cause a denial of service
                            condition
    Affected Technology: Microsoft IIS 5
                            Microsoft Exchange 2000
                            Microsoft Windows 2000 Server
                            Microsoft Windows 2000 Server SP1
                            Microsoft Windows 2000 Advanced Server
                            Microsoft Windows 2000 Advanced Server SP1
    Vendor Status: Patches are available (MS01-014)
    Discovered By: Kevin Kotas of the eSecurityOnline Research
                            and Development Team
    CVE Reference: CAN-2001-0146

    Advisory Location:
    http://www.eSecurityOnline.com/advisories/eSO3401.asp

    Description:
    Microsoft Internet Information Server and Exchange 2000 are vulnerable
    to a flaw that allows a remote attacker to cause a denial of service
    condition. The problem is due to a component incorrectly handling
    requests of excessive length. An attacker can continuously make a
    request that will cause the inetinfo process to repeatedly crash,
    which in turn will cause IIS, FTP, NNTP, and other services to become
    temporarily unavailable.

    Technical Recommendation:
    Install the latest patches from the vendor.

    Microsoft IIS 5.0:
    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28155

    Microsoft Exchange 2000:
    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28369

    As a workaround for protecting IIS:

    With Regedit running, locate the key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters

    And add if not present:

    Value Name: MaxClientRequestBuffer
    Data Type: REG_DWORD

    Select Decimal from the DWORD Editor dialog box. In the Data text box,
    type the number of bytes, or characters, for the maximum allowed URL
    request length. The length is site-specific, but generally 10000
    should suffice and keep site functionality. Finally, restart IIS.
    Thoroughly test after applying this workaround.
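
    The Regedit steps above as a batch script (an added example, not part of the eSecurityOnline advisory). It assumes reg.exe is available (on Windows 2000 it ships with the Support Tools), an administrator command prompt, and the advisory's general value of 10000.

```bat
@echo off
rem Added example: applies the advisory's MaxClientRequestBuffer workaround.
setlocal
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\w3svc\parameters
set NAME=MaxClientRequestBuffer
rem 10000 is the advisory's general suggestion; pick a site-specific value.
set LIMIT=10000

rem Show the current state first so the change is visible in the console log.
reg query "%KEY%" /v %NAME% >nul 2>&1
if errorlevel 1 (
    echo %NAME% is not set under %KEY%.
) else (
    echo Current setting:
    reg query "%KEY%" /v %NAME%
)

rem reg.exe reads /d as decimal for REG_DWORD, matching the Decimal step in Regedit.
reg add "%KEY%" /v %NAME% /t REG_DWORD /d %LIMIT% /f
if errorlevel 1 (
    echo Failed to write %NAME%. Run this from an administrator account.
    exit /b 1
)

rem Confirm what was stored: 10000 decimal is displayed as 0x2710.
echo New setting:
reg query "%KEY%" /v %NAME%

rem The workaround ends with an IIS restart.
iisreset /restart
```

    If the confirmation line shows 0x10000 instead of 0x2710, the value was entered as hexadecimal and the limit is 65536 bytes, not 10000.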

    Windows 2000 Service Pack 2 also addresses the vulnerability. Windows
    2000 Service Pack 2 can be downloaded from:
    http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/

    Vendor Advisory:
    MS01-014

    Acknowledgements:
    eSecurityOnline would like to thank Microsoft security for their
    cooperation in resolving the issue.

    Copyright 2002 eSecurityOnline LLC. All rights reserved.

    THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY
    ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
    AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF
    NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
    CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
    THIS VULNERABILITY ALERT.