|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
A remote overflow exists in how IIS processes HTTP header information. IIS performs a safety check to ensure that all header values are valid, however it is possible to spoof the results of the check and convince the application that delimiter fields are present when they are not. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Technical |
Arbitrary code will be executed with the privileges of ASP ISAPI extension, ASP.DLL. On IIS 4.0, ASP.DLL runs as part of the OS, allowing full administrative control. On IIS 5.0 and 5.1, ASP.DLL runs with the privileges of the IWAM_computername account.
|
|
Solution |
Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):
1. Disable ASP - Version 1.0 of the IIS Lockdown Tool disables ASP by default, and version 2.1 disables ASP if "Static Web Server" is selected.
2. The URLScan tool can be used to prevent code execution, but not the DoS.
|
|
Products |
|
IIS
 |
4.0 |
5.0 |
5.1 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
