Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » IIS WebDav Lock Method Memory Leak DoS Vulnerability

IIS WebDav Lock Method Memory Leak DoS Vulnerability

by platon on May 20th, 2001 Microsoft IIS 5.0 is vulnerable to a denial of service attack...



A flaw in the WebDav extensions allow a remote attacker to carry out a DoS by repeatedly requesting nonexistent files via the HTTP LOCK method.


This leads to a complete consumption of memory resources, eventually crashing the host and requiring a restart.

Exploit:


LOCK /aaaaaaaaaaaaaaaaaaaaaaaaaa.htw HTTP/1.0

One way is to combine the attack with asp executions, eg.

GET /iisstart.asp?uc=a HTTP/1.0


Solution:

The problem has been corrected in httpext.dll v.0.9.3940.21, which is packaged with Windows 2000 Service Pack 2 and according to Microsoft:


"it will ship with each IIS5 hotfix that we release going forward (and will be available for SP0, SP1, and SP2+.)"


You can find Service Pack 2 on Microsofts webpage at:


http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/sp2lang.asp

Reported to bugtraq by Defcom Labs in advisory def-2001-26 dated May 17, 2001

[Homepage]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »