[9220] in bugtraq
Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS
daemon@ATHENA.MIT.EDU (Michael Howard)
Tue Jan 26 11:51:17 1999
Date: Mon, 25 Jan 1999 10:08:30 -0800
Reply-To: Michael Howard <mikehow@MICROSOFT.COM>
From: Michael Howard <mikehow@MICROSOFT.COM>
X-To: mnemonix <mnemonix@globalnet.co.uk>,
ntbugtraq@listserv.ntbugtraq.com
To: BUGTRAQ@NETSPACE.ORG
we've always recommended people remove ALL samples from any production
server - incl ExAir, WSH, and ADO samples etc.
Cheers, MH
IIS Security
-----Original Message-----
From: mnemonix [mailto:mnemonix@globalnet.co.uk]
Sent: Tuesday, January 26, 1999 8:36 AM
To: ntbugtraq@listserv.ntbugtraq.com
Cc: ntsecurity@iss.net; bugtraq@netspace.org
Subject: [NTSEC] IIS 4 Advisory - ExAir sample site DoS
TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
This advisory is for those that have Internet Information Server 4 installed
with the IIS sample site "ExAir".
There are three Active Server Pages that, if called directly without the
default ExAir page and associated dlls ever having been loaded into the IIS
memory space, will hang and eventually time out after 90 secs - the default
script timeout period. Whilst in this state, processor usage increases to
100% and the server becomes very sluggish.
These pages are:
Exair - root/search/advsearch.asp
Exair - root/search/query.asp
Exair -root/search/search.asp
The Exair directory and all subdirectories should be deleted - they are not
needed.
NTInfoScan will check if your site is vulnerable to this problem. More
information about NTInfoScan can be found at
http://www.infowar.co.uk/mnemonix/ntinfoscan.htm
Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix
ps - apologies to the owner of the server.com domain.
