OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: NGSSoftware Insight Security Research (nisr_at_nextgenss.com)
Date: Thu Oct 31 2002 - 11:17:17 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    NGSSoftware Insight Security Research Advisory

    Name: IIS 5 & 5.1 Denial Of Service Vulnerability
    Systems Affected: Windows 2000 and XP all service packs.
    Severity: Moderate
    Category: Denial of Service
    Vendor URL: http://www.mircosoft.com
    Author: Mark Litchfield (markngssoftware.com)
    Date: 31st October 2002
    Advisory number: #NISR31102002

    Description
    ***********

    Microsofts Internet Information Server and Intranet Server 5.0 and 5.1 comes
    with a feature called WebDAV. WebDAV, or Web-based Distributed Authoring and
    Versioning, is the emerging standard in web-based collaboration. Simply put,
    WebDAV allows web development teams and other workgroups to use a remote web
    server as easily as if it were a local file server. Technically, WebDAV is a
    set of extensions to the HTTP protocol.

    Details
    *******

    In this particular instance, a denial of service vulnerability exists due to
    a flaw in the way IIS 5.0 and 5.1 allocates memory for WebDAV requests. If a
    malformed WebDAV request was sent to the server, IIS would allocate an
    extremely large amount of memory on the server. By sending several such
    requests, an attacker could cause the server to fail. This vulnerability
    could only be exploited if the server allowed WebDAV requests to be levied
    on it and is also dependent upon the Indexing server service to be running.
    Whilst by default the relevant WebDAV request method is allowed, the
    Indexing Service is turned off by default.

    Fix Information
    ***************

    NGSSoftware alerted Microsoft to these problems on the 16th May 2002. A
    patch can be found at
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS02-062.asp

    Common Vulnerabilities & Exposures
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182

    A check for these issues has been added to Typhon II, of which more
    information is available from the
    NGSSoftware website:
    http://www.ngssoftware.com