[22419] in bugtraq
Quick temporary fix for OWA DOS
daemon@ATHENA.MIT.EDU (Martin Dion)
Sat Aug 25 14:15:41 2001
Reply-To: <martin.dion@abovetech.com>
From: "Martin Dion" <martin.dion@abovetech.com>
To: "'Andrew McQueen'" <amcqueen@jstmackintosh.co.uk>,
<bugtraq@securityfocus.com>
Date: Sat, 25 Aug 2001 11:10:58 -0400
Message-ID: <005a01c12d78$25734000$7d27cb18@martindion>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
In-Reply-To: <617607F5561BD4118CC300D0B73CDAD96E5B9C@EXCHANGESRVR>
Good morning all,
For people who have this issue within there servers, we have a found a
temporary fix, it can permanent if you wish but it put more user
administration in the loop.
Configure IIS to Challenge-Response the access on the login page, that way,
non legitimated users that tries to cause the DOS in your OWA won't have
access to the component that cause that problem.
Simple and effective.
Have a good week end.
Martin Dion
Vice-President
Technology and Security Services
Above Technology
Phone: (450) 430-8166
Cell: (514) 831-5427
Email: martin.dion@abovetech.com <mailto:martin.dion@abovetech.com>
-----Message d'origine-----
De : Andrew McQueen [mailto:amcqueen@jstmackintosh.co.uk]
Envoyé : Wednesday, August 22, 2001 6:22 PM
À : 'bugtraq@securityfocus.com'
Objet : OWA over ssl shutting down IIS
Here is a copy of postings I posted to the iis security forum
I have just found this bug with our IIS 4 server and OWA
The server is SP6a with the hotfix roll up applied and also the 128 bit
ssl upgrade OWA is running accross 128 bit ssl
I log onto OWA with an extra long user name of % characters ie %%%%%%%%%
(at least 30 times)
I then receive the NT username and password box if I then fill both of
these with the same characters and hit return till the page times out.
The result ends up with world wide web publishing service is stopped
And IIS admin service stopped
exchange 5.5 sp4
The iis server is separate to the exchange server
I will be able give more specific info tommorrow!
ie event logs, specific service packs etc
I have replicated this problem 5 times now and not once has it failed to
work.
Is this a known problem and if not could it be exploited (apart from DOS)
Andy Mcqueen (sorry about the footer it is a legal firm and is compulsory)
