[NT] ISS Server Sensor Denial of Service

• Previous message: SecuriTeam: "[NT] Additional Information Released on Microsoft WordPerfect Document Converter Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 7 Sep 2003 11:05:43 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  ISS Server Sensor Denial of Service
------------------------------------------------------------------------

SUMMARY

By sending a properly formatted URL via SSL, an attacker can successfully
shut down Microsoft's IIS service stopping all Web and FTP servers.

DETAILS

Vulnerable systems:
 * ISS Server Sensor version 7.0 XPU 20.16
 * ISS Server Sensor version 7.0 XPU 20.18

Immune systems:
 * ISS Server Sensor version 7.0 XPU 20.19

ISS server sensor 7.0 has the ability to plug into ISS via an ISAPI
plug-in to allow for IDS on SSL traffic.

By simply sending a properly formatted URL via SSL, the ISAPI filter will
crash IIS shutting down the service entirely. IIS 5 may automatically
restart the service when it detects that the service has stopped.

Vendor Status:
We contacted ISS on or about August 14 concerning this issue. ISS has
since released XPU 20.19 that addresses this specific issue.

ADDITIONAL INFORMATION

The information has been provided by <mailto:research@enteredge.com>
EnterEdge Technology, LLC .

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[NT] Additional Information Released on Microsoft WordPerfect Document Converter Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]