Re: IIS Vulnerability Content-Type overflow

From: Syzop (syz@dds.nl)
Date: 12/03/02

  • Next message: Dan Hanson: "Re: IIS Vulnerability Content-Type overflow"
    Date: Tue, 03 Dec 2002 23:48:40 +0100
    From: Syzop <syz@dds.nl>
    To: at4r <at4r@3wdesign.es>
    
    

    Hi,

    at4r wrote:
    > while testing a few days ago how to reproduce the lastest mdac rds
    > vulnerability i found that a specially malformed http request to an IIS
    > Webserver can allow a buffer overflow.

    * I don't see a crash
    * I don't see "big CPU consume". If I flood with this at 2.8MB/s (!)
       I get ~25% CPU usage @ AMD 1800+.
    * You can get the same thing with: perl -e 'print "A"x200000'|nc <IP> 80

    Cya,

            Bram Matthys (Syzop).