[16658] in bugtraq
Re: VIGILANTE-2000009: "Invalid URL" DoS
daemon@ATHENA.MIT.EDU (Alexander Ivantchev)
Fri Sep 8 11:57:33 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; x-mac-type="54455854";
x-mac-creator="4D4F5353"
Content-Transfer-Encoding: 8bit
Message-ID: <39B7BE7F.C558DFF8@bivwood.com>
Date: Thu, 7 Sep 2000 12:12:52 -0400
Reply-To: Alexander Ivantchev <aivantchev@BIVWOOD.COM>
From: Alexander Ivantchev <aivantchev@BIVWOOD.COM>
X-To: prg@vigilante.com
To: BUGTRAQ@SECURITYFOCUS.COM
The link referring to the patch, however (both the i386 and the Alpha
versions) seems to be dead... Has the patch been recalled and is there an
alternate download location?
Peter Gründl wrote:
> "Invalid URL" DoS
>
> Advisory Code: VIGILANTE-2000009
>
> Release Date:
> September 6, 2000
>
> Systems Affected:
> - Internet Information Server 4.0 for Windows NT 4.0
> - Possibly Windows NT 4.0 in general (read Microsoft's note)
>
> THE PROBLEM
> A certain series of requests can cause INETINFO.EXE to gradually
> consume all system ressources (99-100% CPU and all memory). When
> the pagefile can't expand any further, INETINFO.EXE is killed by
> the operating system, with possibly a dialogue box on your screen
> stating that the system is running low on virtual memory. During
> testing it was found that usually you wouldn't even see this box.
> It requires a restart of the www service for IIS to start working
> again.
> Initially we believed this to be a problem with IIS, but Microsoft
> has pointed out that this is a problem within Windows NT 4.0 (which
> might explain why we couldn't reproduce it on Internet Information
> Server 5.0). For this reason, you should probably consider applying
> the patch on any production environments, running on Windows NT 4.0.
>
> Vendor Status:
> Initially reported on the 16th of May this year. Microsoft has
> released the following bulletin concerning the issue, including a
> patch:
> http://www.microsoft.com/technet/security/bulletin/MS00-063.asp
>
> Fix:
> Windows NT 4.0 Workstation, Server and Server, Enterprise Edition:
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24079
>
> Windows NT 4.0 Server, Terminal Server Edition: To be released shortly
>
> Vendor URL: http://www.microsoft.com
> Internet Information Server 4.0 URL:
> http://www.microsoft.com/ntserver/web/default.asp
>
> Copyright VIGILANTe 2000-03-16
>
> Disclaimer:
> The information within this document may change without notice. Use of
> this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties with regard to this information.
> In no event shall the author be liable for any consequences whatsoever
> arising out of or in connection with the use or spread of this
> information. Any use of this information lays within the user's
> responsibility.
>
> Feedback:
> Please send suggestions, updates, and comments to:
>
> VIGILANTe
> mailto: swat@vigilante.com
> http://www.vigilante.com
