From researchteam5@esecurityonline.com Fri May 3 03:39:20 2002 From: researchteam5@esecurityonline.com To: vulnwatch@vulnwatch.org, bugtraq@securityfocus.com Cc: ken.williams@ey.com Date: Mon, 29 Apr 2002 15:09:15 -0500 Subject: [VulnWatch] eSecurityOnline Security Advisory 3595 - Microsoft Internet Infor mation Server denial of service vulnerabilities eSO Security Advisory: 3595 Discovery Date: April 30, 2001 ID: eSO:3595 Title: Microsoft Internet Information Server denial of service vulnerabilities Impact: Remote attackers can cause a denial of service condition Affected Technology: Microsoft IIS 5.0 Microsoft Windows 2000 Server Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server SP2 Vendor Status: Patches are available (MS01-026) Discovered By: Kevin Kotas of the eSecurityOnline Research and Development Team CVE Reference: CVE-2001-0336, CAN-2001-0337 Advisory Location: http://www.eSecurityOnline.com/advisories/eSO3595.asp Description: Microsoft Internet Information Server is vulnerable to flaws that allow a remote attacker to cause a denial of service condition. The first problem is related to the way the web server handles character processing requests to a certain application mapping. A special request can be sent to the web server, which will cause 100% CPU utilization and effectively prevent web server response to all incoming requests. The second issue involves a memory leak that can occur when processing a particular type of HTTP request. As a result of the memory leak, the server will eventually stop responding to requests. Technical Recommendation: Upgrade with the latest available patch. Microsoft Internet Information Server 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787 Microsoft Internet Information Server 5.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764 Vendor Advisory: MS01-026 Acknowledgements: eSecurityOnline would like to thank Microsoft security for their cooperation in resolving the issue. Copyright 2002 eSecurityOnline LLC. All rights reserved. THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND, AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE, CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN THIS VULNERABILITY ALERT.