[22394] in bugtraq
RE: OWA over ssl shutting down IIS
daemon@ATHENA.MIT.EDU (Mihai PETROV)
Thu Aug 23 14:44:15 2001
Message-ID: <C1CB3427F6A1D41194CC00E0296120E05B55C6@taz.gecadsoftware.com>
From: Mihai PETROV <mihai.petrov@gecadsoftware.com>
To: "'mms '" <msouthwo@beautopia.bellptudor.com>
Cc: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Thu, 23 Aug 2001 20:44:26 +0300
After further testing, the result is the same: HTTP 500 ONLY from that
browser window. On other machines, or another browser on the same machine, it works
fine.
Scenario:
1. Log on to OWA with that weird string (other to test).
2. Get response from server: bad CGI or HTTP-500
3. Restart IIS (it is still working though) - HTTP-500
4. Restart server (panic?) - HTTP 500
3a. Use Netscape - Works
3b. Use other machine - Works
3c. Close all IE windows and open again - Works
Config: NT4 SP6 w/o Rollup Package (SP7). IIS fully patched w/ SSL 128 bits.
Exchange 5.5 SP4 only for OWA (empty IS).
Mihai
-----Original Message-----
From: mms
To: Mihai PETROV
Cc: bugtraq@securityfocus.com
Sent: 8/23/01 5:30 PM
Subject: Re: OWA over ssl shutting down IIS
Mihai PETROV <mihai.petrov@gecadsoftware.com> wrote:
: I have reached a different result:
:
: after entering the %'s, the OWA site returns HTTP 500 - Internal server
: error. However, IIS is up and running, other sites work OK.
: It seems that the leak is in the Exchange OWA script (ISAPI?) rather than in
: IIS.
: OWA still not working after restarting IIS.
:
: Exchange 5.5 SP4, NT4 SP6 w/o rollup package
With a similar build as Mihai, I get the HTTP 500 error,
however, only from the browser I was trying to log in
with (IE). If I switch to another machine (or even just
over to Netscape) I get the splash screen and can log in
fine.
-matt
:
: Mihai PETROV
:
: > -----Original Message-----
: > From: Andrew McQueen [mailto:amcqueen@jstmackintosh.co.uk]
: > Sent: Thursday, August 23, 2001 1:22 AM
: > To: 'bugtraq@securityfocus.com'
: > Subject: OWA over ssl shutting down IIS
: >
: >
: > Here is a copy of postings I posted to the iis security forum
: >
: > I have just found this bug with our IIS 4 server and OWA.
: > The server is SP6a with the hotfix roll up applied and also
: > the 128 bit ssl upgrade. OWA is running across 128 bit ssl.
: >
: > I log onto OWA with an extra long user name of % characters
: > ie %%%%%%%%%
: > (at least 30 times)
: > I then receive the NT username and password box if I then
: > fill both of
: > these with the same characters and hit return till the page
: > times out.
: >
: > The result ends up with world wide web publishing service is stopped
: > And IIS admin service stopped
: >
: >
: > exchange 5.5 sp4
: > The iis server is separate to the exchange server
: > I will be able to give more specific info tomorrow!
: > ie event logs, specific service packs etc
: > I have replicated this problem 5 times now and not once has
: > it failed to
: > work.
: > Is this a known problem and if not could it be exploited
: > (apart from DOS)
: >
: > Andy Mcqueen (sorry about the footer it is a legal firm and
: > is compulsory)
: >
--
you make enough cheese / you can be my main boo