Vigilante Advisory #9 - Internet Information Server (IIS) 4.0 for Windows NT 4.0 is vulnerable to a denial of service attack as described in ms00-063 in which a certain series of requests can cause INETINFO.EXE to gradually consume all system ressources (99-100% CPU and all memory). When the pagefile can't expand any further, INETINFO.EXE is killed by the operating system.
f88b454e98f58dc0cab36e2079df258a10823f10487e75deb9870d645da092ca"Invalid URL" DoS
Advisory Code: VIGILANTE-2000009
Release Date:
September 6, 2000
Systems Affected:
- Internet Information Server 4.0 for Windows NT 4.0
- Possibly Windows NT 4.0 in general (read Microsoft's note)
THE PROBLEM
A certain series of requests can cause INETINFO.EXE to gradually
consume all system ressources (99-100% CPU and all memory). When
the pagefile can't expand any further, INETINFO.EXE is killed by
the operating system, with possibly a dialogue box on your screen
stating that the system is running low on virtual memory. During
testing it was found that usually you wouldn't even see this box.
It requires a restart of the www service for IIS to start working
again.
Initially we believed this to be a problem with IIS, but Microsoft
has pointed out that this is a problem within Windows NT 4.0 (which
might explain why we couldn't reproduce it on Internet Information
Server 5.0). For this reason, you should probably consider applying
the patch on any production environments, running on Windows NT 4.0.
Vendor Status:
Initially reported on the 16th of May this year. Microsoft has
released the following bulletin concerning the issue, including a
patch:
http://www.microsoft.com/technet/security/bulletin/MS00-063.asp
Fix:
Windows NT 4.0 Workstation, Server and Server, Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24079
Windows NT 4.0 Server, Terminal Server Edition: To be released shortly
Vendor URL: http://www.microsoft.com
Internet Information Server 4.0 URL:
http://www.microsoft.com/ntserver/web/default.asp
Copyright VIGILANTe 2000-03-16
Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.
Feedback:
Please send suggestions, updates, and comments to:
VIGILANTe
mailto: swat@vigilante.com
http://www.vigilante.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed