Re: [Full-Disclosure] Does the Windows AUX bug affect Web servers also?

From: jelmer (kuper237_at_planet.nl)
Date: 07/10/03

  • Next message: ZenTaosun: "[Full-Disclosure] Gconnect v1.0"
    To: Peter Kruse <kruse@krusesecurity.dk>, "'Richard M. Smith'" <rms@computerbytesman.com>, full-disclosure@lists.netsys.com
    Date: Thu, 10 Jul 2003 13:21:10 +0200
    
    

    >We had to remove the reference with a Windows 2000 bootdisk.

    actually you don't have to do this you can "trick" windows by using a UNC
    path

    you can delete the file by typing

    del \\.\C:\COM1

    or create a file with an invalid filename like this :

    echo bla > \\.\C:\COM1

    -- jelmer

    ----- Original Message -----
    From: "Peter Kruse" <kruse@krusesecurity.dk>
    To: "'Richard M. Smith'" <rms@computerbytesman.com>;
    <full-disclosure@lists.netsys.com>
    Sent: Wednesday, July 09, 2003 8:42 PM
    Subject: SV: [Full-Disclosure] Does the Windows AUX bug affect Web servers
    also?

    > Hi Richard,
    >
    > AFAIK it can´t be done with a http://www.someserver./aux but there´re
    > several other ways to exploit this DoS.
    >
    > It can be done over network shares and anywhere we include HTML and
    > scripts (webpages, e-mails, internal documents and so on). I have
    > succesfully crashed a server placering a "COMn" reference in a special
    > folder. We had to remove the reference with a Windows 2000 bootdisk.
    >
    > Other browsers are affected as well and at least two (of my knowledge)
    > are hit a lot harder than IE. They both cause the system to crash.
    >
    > Med venlig hilsen // Kind regards
    >
    > Peter Kruse
    > Kruse Security
    > http://www.krusesecurity.dk
    >
    > -----Oprindelig meddelelse-----
    > Fra: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] På vegne af Richard M.
    > Smith
    > Sendt: 9. juli 2003 18:50
    > Til: full-disclosure@lists.netsys.com
    > Emne: [Full-Disclosure] Does the Windows AUX bug affect Web servers
    > also?
    >
    >
    > Is it possible to also crash a Web server hosted on a Windows box using
    > a URL something like:
    >
    > http://www.somebody.com/aux
    >
    > If this particular URL is okay, maybe there are other URLs that will
    > cause a crash. For example, POSTing a form to a URL containing AUX.
    >
    > This problem could be in any Windows Web server such as IIS, Apache,
    > ColdFusion, etc..
    >
    > (I don't have access to a Windows Web server to try this out myself.)
    >
    > Richard
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > xc3ed@phreaker.net
    > Sent: Wednesday, July 09, 2003 7:39 AM
    > To: full-disclosure@lists.netsys.com
    > Cc: KF
    > Subject: Re: [Full-Disclosure] Internet Explorer 6 DoS Bug
    >
    >
    > duplicated in Windows 2003 Server, datacenter edition, IE v6.0.3790.0
    >
    > regards, xsr
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: ZenTaosun: "[Full-Disclosure] Gconnect v1.0"