Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Georgi Guninski security advisory #38, 2001

Georgi Guninski security advisory #38, 2001

by phiber on March 17th, 2001 It is possible to remotely restart all IIS related service using specially crafted request. It is also possible to force IIS to consume memory which it does not free.
Seems to be a buffer overflow, don't know whether it is exploitable, let me know if you find a way to exploit it.





Basically the problem are very long but valid propfind request.

For example the following PROPFIND request works for me:

---------------------







---------------------

where length($over) ~ 128008

The first time the request is send IIS replies with 500 ... Exception. The second time the services are restarted.




To read the whole advisory and see a perl script example, download the whole advisory.

Download this advisory


This advisory was issued by George Guninski. Xatrix Security was allowed to post this advisory.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »