IIS WebDav Denial of Service attacks - Update to SPI Dynamics

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <vulndb@xxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>
Subject: IIS WebDav Denial of Service attacks - Update to SPI Dynamics
From: "Mark Litchfield" <mark@xxxxxxxxxxxxxxx>
Date: Mon, 2 Jun 2003 14:20:15 -0700
Delivered-to: zerbey@localhost.horry.org
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
Delivery-date: Mon, 02 Jun 2003 17:44:58 +0100
Envelope-to: zerbey@wibble.co.uk
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm

In SPI Dynamics own advisory it mentions that IIS will restart itself -
whilst this is true, by supplying a specific number of bytes, we can
terminate all the threads, but leaving INETINFO still alive.  Despite
INETINFO not dying, the process will no longer serve any requests.

This provides a more effective denial of service attack as the administrator
would be required to restart the service manually.

Again, if you have not yet patched your servers, the patch can be obtained
at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-018.asp

Regards

Mark Litchfield
NGS Software Ltd
http://www.ngssoftware.com/
Tel: +44 208 40 100 70 (London)
Tel: +44 1241 431 267
Mobile: +44 790 069 5236
Email: mark@xxxxxxxxxxxxxxx

Prev by Date: Mod_gzip Debug Mode Vulnerabilities
Next by Date: [Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
Previous by thread: Mod_gzip Debug Mode Vulnerabilities
Next by thread: [Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007
Index(es):
- Date
- Thread