[NT] ISS Server Sensor Denial of Service

From: SecuriTeam (support_at_securiteam.com)
Date: 09/07/03

  • Next message: SecuriTeam: "[EXPL] Exploit Code Released for WordPerfect Converter Vulnerability" 
    To: list@securiteam.com
Date: 7 Sep 2003 11:05:43 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      ISS Server Sensor Denial of Service
    ------------------------------------------------------------------------

    SUMMARY

    By sending a properly formatted URL via SSL, an attacker can successfully
    shut down Microsoft's IIS service stopping all Web and FTP servers.

    DETAILS

    Vulnerable systems:
     * ISS Server Sensor version 7.0 XPU 20.16
     * ISS Server Sensor version 7.0 XPU 20.18

    Immune systems:
     * ISS Server Sensor version 7.0 XPU 20.19

    ISS server sensor 7.0 has the ability to plug into ISS via an ISAPI
    plug-in to allow for IDS on SSL traffic.

    By simply sending a properly formatted URL via SSL, the ISAPI filter will
    crash IIS shutting down the service entirely. IIS 5 may automatically
    restart the service when it detects that the service has stopped.

    Vendor Status:
    We contacted ISS on or about August 14 concerning this issue. ISS has
    since released XPU 20.19 that addresses this specific issue.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:research@enteredge.com>
    EnterEdge Technology, LLC .

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[EXPL] Exploit Code Released for WordPerfect Converter Vulnerability"

    Relevant Pages