Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS
Date: 17 Oct 2004 16:16:37 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS
------------------------------------------------------------------------


SUMMARY

A denial of service vulnerability exists that could allow an attacker to 
send a specially crafted WebDAV request to a server that is running IIS 
and WebDAV. An attacker could cause WebDAV to consume all available memory 
and CPU time on an affected server. The IIS service would have to be 
restarted to restore functionality.

DETAILS

Vulnerable Systems:
 * Microsoft IIS/5.0 (Windows/2000)
 * Microsoft IIS/5.1 (Windows XP)
 * Microsoft IIS/6.0 (Windows/2003)

Immune Systems:
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows NT Server 4.0 Service Pack 6
 * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
 * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and 
Microsoft Windows Millennium Edition (Me)

An attacker can craft a malicious WebDAV PROPFIND request, which uses XML 
attributes in a way that inflicts a denial of service condition on the 
target machine (IIS web server). The result of this attack is that the XML 
parser consumes all the CPU resources for a long period of time (from 
seconds to minutes, depending on the size of the payload). In our 
experiments, we were able to send attacks (of few hunderd KBs) that caused 
the target machines to consume 100% CPU for several minutes.

Patch Availability:
Microsoft has issued a patch in one of their latest advisories,  
<http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx> 
Vulnerability in WebDAV XML Message Handler DoS (MS04-030)


ADDITIONAL INFORMATION

The information has been provided by  <mailto:aksecurity@hotpop.com> Amit 
Klein (AKsecurity).
The original article can be found at:  
<http://www.securiteam.com/windowsntfocus/6S00C0UBFS.html> Vulnerability 
in WebDAV XML Message Handler DoS (MS04-030)



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Microsoft IIS WebDAV (XML Parser) Attribute Blowup DoS, SecuriTeam <=
Previous by Date:  [REVS] Common Firewall Configuration Errors, SecuriTeam
Next by Date:  [NT] SetWindowLong Shatter Attacks, SecuriTeam
Previous by Thread:  [REVS] Common Firewall Configuration Errors, SecuriTeam
Next by Thread:  [NT] SetWindowLong Shatter Attacks, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]