From: researchteam5@esecurityonline.com
Date: Mon Apr 29 2002 - 16:05:58 EDT
eSO Security Advisory: 3401
Discovery Date: March 1, 2001
ID: eSO:3401
Title: Microsoft Internet Information Server / Exchange 2000 invalid request denial of service vulnerability
Impact: Remote attackers can cause a denial of service condition
Affected Technology:
  Microsoft IIS 5
  Microsoft Exchange 2000
  Microsoft Windows 2000 Server
  Microsoft Windows 2000 Server SP1
  Microsoft Windows 2000 Advanced Server
  Microsoft Windows 2000 Advanced Server SP1
Vendor Status: Patches are available (MS01-014)
Discovered By: Kevin Kotas of the eSecurityOnline Research and Development Team
CVE Reference: CAN-2001-0146
Advisory Location: http://www.eSecurityOnline.com/advisories/eSO3401.asp
Description:
Microsoft Internet Information Server and Exchange 2000 are vulnerable
to a flaw that allows a remote attacker to cause a denial of service
condition. The problem is due to a component incorrectly handling
requests of excessive length. An attacker can continuously make a
request that will cause the inetinfo process to repeatedly crash,
which in turn will cause IIS, FTP, NNTP, and other services to become
temporarily unavailable.
Technical Recommendation:
Install the latest patches from the vendor.
Microsoft IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28155
Microsoft Exchange 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28369
As a workaround for protecting IIS:

With Regedit running, locate the key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters

Add the following value if it is not present:
  Value Name: MaxClientRequestBuffer
  Data Type: REG_DWORD

Select Decimal from the DWORD Editor dialog box. In the Data text box,
type the number of bytes, or characters, for the maximum allowed URL
request length. The length is site-specific, but generally 10000
should suffice and keep site functionality. Finally, restart IIS.
Thoroughly test after applying this workaround.
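To check whether the registry workaround above is in place on several servers, the following added example (not part of the original advisory) reads MaxClientRequestBuffer over Remote Registry and, with -Apply, writes it. The function name, its parameters and the status labels are hypothetical; it assumes an administrative workstation with PowerShell 3 or later and the Remote Registry service reachable on each target.

```powershell
# Added example, not from the advisory. Function and parameter names are hypothetical.
# Assumes an admin workstation with PowerShell 3+ and Remote Registry on the targets.
function Test-MaxClientRequestBuffer {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [int]$Limit = 10000,  # the advisory's general figure; the right value is site-specific
        [switch]$Apply        # write $Limit when the value is absent or larger
    )
    $path = 'SYSTEM\CurrentControlSet\Services\w3svc\parameters'
    $name = 'MaxClientRequestBuffer'
    foreach ($computer in $ComputerName) {
        $hklm = $null; $key = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $hklm.OpenSubKey($path, $Apply.IsPresent)  # writable only with -Apply
            if ($null -eq $key) { throw 'w3svc parameters key not found' }

            $raw = $key.GetValue($name, $null)
            $current = $null
            if ($null -eq $raw) { $status = 'Absent' }
            else {
                # REG_DWORD is returned as Int32; reinterpret as unsigned so that
                # values above 0x7FFFFFFF do not compare as negative numbers.
                $current = [BitConverter]::ToUInt32([BitConverter]::GetBytes([int]$raw), 0)
                if ($current -gt $Limit) { $status = 'AboveLimit' } else { $status = 'Set' }
            }
            $changed = $false
            if ($Apply -and $status -ne 'Set') {
                $key.SetValue($name, $Limit, [Microsoft.Win32.RegistryValueKind]::DWord)
                $changed = $true
            }
            [pscustomobject]@{
                Computer = $computer; Status = $status; Current = $current
                Changed = $changed; RestartIISNeeded = $changed
            }
        }
        catch {
            [pscustomobject]@{
                Computer = $computer; Status = "Error: $($_.Exception.Message)"
                Current = $null; Changed = $false; RestartIISNeeded = $false
            }
        }
        finally {
            if ($key)  { $key.Close() }
            if ($hklm) { $hklm.Close() }
        }
    }
}
```

The script does not restart IIS; where RestartIISNeeded is true, restart IIS on that server as the advisory directs and then test the site.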
Windows 2000 Service Pack 2 also addresses the vulnerability. Windows
2000 Service Pack 2 can be downloaded from:
http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/
Vendor Advisory:
MS01-014
Acknowledgements:
eSecurityOnline would like to thank Microsoft security for their
cooperation in resolving the issue.
Copyright 2002 eSecurityOnline LLC. All rights reserved.
THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY
ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
THIS VULNERABILITY ALERT.