[11481] in bugtraq
DoS Caused By Re-Released Malformed Header Patch
daemon@ATHENA.MIT.EDU (Michael Brennen)
Sun Aug 22 16:29:34 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9908210350240.11145-100000@ns1.fni.com>
Date: Sat, 21 Aug 1999 04:07:24 -0500
Reply-To: Michael Brennen <mbrennen@FNI.COM>
From: Michael Brennen <mbrennen@FNI.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

I just had a 'patch event' applying the re-released malformed header
patch. I went through the Microsoft security bulletins and carefully
checked the dates before downloading and applying the patch. I did not
apply the first release of the patch before applying the updated one.
This is on an NT 4.0 SP5 system.

The re-released patch itself caused a very effective denial of
service. Once applied, the Web server would no longer serve pages;
the browser hung with the message 'Host www.....com contacted; Waiting
for reply....'. Reapplying SP5 corrected the problem.

I repeated the procedure, applying the patch after reapplying SP5; the
DoS repeated after applying the malformed header patch. Reapplying
SP5 repaired the patch. The event logs did not report anything out of
the ordinary.

I do not know if others are seeing this, but it seemed worth
reporting. Before you attempt this patch, make sure you have SP5
available in case you need it to recover.

Michael Brennen
President, FishNet(R), Inc.
(972) 669-0041