[NT] Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS

From: SecuriTeam (support_at_securiteam.com)
Date: 10/17/04

    To: list@securiteam.com
    Date: 17 Oct 2004 16:16:37 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS
    ------------------------------------------------------------------------

    SUMMARY

    A denial of service vulnerability exists that could allow an attacker to
    send a specially crafted WebDAV request to a server that is running IIS
    and WebDAV. An attacker could cause WebDAV to consume all available memory
    and CPU time on an affected server. The IIS service would have to be
    restarted to restore functionality.

    DETAILS

    Vulnerable Systems:
     * Microsoft IIS/5.0 (Windows/2000)
     * Microsoft IIS/5.1 (Windows XP)
     * Microsoft IIS/6.0 (Windows/2003)

    Immune Systems:
     * Microsoft Windows XP Service Pack 2
     * Microsoft Windows NT Server 4.0 Service Pack 6
     * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
     * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
    Microsoft Windows Millennium Edition (Me)

    An attacker can craft a malicious WebDAV PROPFIND request, which uses XML
    attributes in a way that inflicts a denial of service condition on the
    target machine (IIS web server). The result of this attack is that the XML
    parser consumes all the CPU resources for a long period of time (from
    seconds to minutes, depending on the size of the payload). In our
    experiments, we were able to send attacks (of a few hundred KBs) that caused
    the target machines to consume 100% CPU for several minutes.
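
    For defenders reviewing IIS logs, the following added example (not part of
    the original advisory) flags PROPFIND entries whose request size or
    processing time is far outside the norm. The thresholds, the field
    selection and the sample log lines are assumptions constructed for
    illustration.

```python
# Thresholds are illustrative assumptions; tune them against your own baseline.
MAX_REQUEST_BYTES = 64 * 1024   # ordinary PROPFIND requests are far smaller
MAX_TIME_TAKEN_MS = 5000        # IIS records time-taken in milliseconds

# Constructed sample in W3C extended log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-bytes time-taken
2004-10-17 14:01:02 192.0.2.10 PROPFIND /docs/ 207 412 31
2004-10-17 14:01:09 192.0.2.10 GET /default.htm 200 298 15
2004-10-17 14:02:44 198.51.100.7 PROPFIND /docs/ 500 307200 184000
2004-10-17 14:03:10 203.0.113.5 PROPFIND /share/ 207 98304 620
2004-10-17 14:03:30 203.0.113.9 PROPFIND /share/ 207 - 40
"""

def parse_w3c(lines):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt entries
                yield dict(zip(fields, values))

def to_int(value):
    """W3C logs write '-' for an empty field; treat that as 0."""
    return int(value) if value.isdigit() else 0

def suspicious_propfinds(lines, max_bytes=MAX_REQUEST_BYTES, max_ms=MAX_TIME_TAKEN_MS):
    """Return (client, uri, bytes, ms, reasons) for outlier PROPFIND entries."""
    hits = []
    for entry in parse_w3c(lines):
        if entry.get("cs-method", "").upper() != "PROPFIND":
            continue
        size = to_int(entry.get("cs-bytes", "-"))
        ms = to_int(entry.get("time-taken", "-"))
        reasons = [name for name, over in (("large request", size > max_bytes),
                                           ("slow response", ms > max_ms)) if over]
        if reasons:
            hits.append((entry.get("c-ip"), entry.get("cs-uri-stem"), size, ms, reasons))
    return hits

if __name__ == "__main__":
    for hit in suspicious_propfinds(SAMPLE_LOG.splitlines()):
        print(hit)
```

    The cs-bytes and time-taken fields must be selected in the site's W3C
    extended logging properties for this check to have data to work with.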

    Patch Availability:
    Microsoft has issued a patch in one of their latest advisories,
    <http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx>
    Vulnerability in WebDAV XML Message Handler DoS (MS04-030)

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:aksecurity@hotpop.com> Amit
    Klein (AKsecurity).
    The original article can be found at:
    <http://www.securiteam.com/windowsntfocus/6S00C0UBFS.html> Vulnerability
    in WebDAV XML Message Handler DoS (MS04-030)


    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

